Welcome, Guest. Please login or register.
Did you miss your activation email?
Sunday 24 November 2024, 08:28:56 am

Login with username, password and session length

The Latest Endian Firewall is now available for download HERE
14261 Posts in 4377 Topics by 6517 Members
Latest Member: Sandro
Search:     Advanced search
+  EFW Support
|-+  Support
| |-+  General Support
| | |-+  remote syslog problem
0 Members and 1 Guest are viewing this topic. « previous next »
Pages: [1] Go Down Print
Author Topic: remote syslog problem  (Read 18136 times)
suk
Jr. Member
*
Offline Offline

Posts: 1


« on: Tuesday 25 November 2008, 10:10:29 pm »

I have a windows box configured as a syslogger on 10.0.0.10 port 514 which I know to be working correctly.

I have a endian fw box (virtulaized on vmware workstation with 2 network interfaces - green [10.0.0.1] and red [192.168.0.1]).  On Endian I have set the syslog settings to Remote with the ip address of the syslogger 10.0.0.10. 

I am not recieving any syslog message from the Endian box....  I can ping the syslogger from the Endian box no problem....I have only one firewall rule which is allow any to any.

Any ideas anyone?

regards

Suk
Logged
dimabar
Jr. Member
*
Offline Offline

Posts: 3


« Reply #1 on: Tuesday 20 January 2009, 09:20:17 pm »

Some troubles in my EF install.... Please help!
Logged
lightenup
Full Member
***
Offline Offline

Posts: 11


« Reply #2 on: Monday 24 August 2009, 09:37:06 am »

you can add this to the end of /etc/syslog/syslog.conf (obviously you would replace 172.16.1.1 with the ip of your syslog server):


#remote logging
destination d_loghost {udp("172.16.1.1" port(514));};
log { source(s_sys); destination(d_loghost); };


Once that is done restart syslog:

/etc/init.d/syslog-ng restart


That should do it. It looks like there is some problem with the web gui or the template file that generates the syslog.conf file. Keep in mind that if you make any changes to the syslog settings in the GUI this setting will likely be removed.

Lightenup
Logged
lightenup
Full Member
***
Offline Offline

Posts: 11


« Reply #3 on: Monday 31 August 2009, 03:42:52 am »

I was poking around this morning and I found a better way to add the syslog entry in a way that it will not get over written. Create a file in /etc/syslog/syslog.d name it remote_syslog.tmpl and put the following contents in it:



#remote logging
destination d_loghost {udp("192.168.1.1" port(514));};
log { source(s_sys); destination(d_loghost); };



Now go to the web ui logs > settings and hit save. The tmpl config you created should now be included as part of the /etc/syslog/syslog.conf file, this will not get removed even after changing settings or reboots. Note, be sure to put some return characters  before and after the remote logging entries (above), otherwise the lines mights get wrapped in the final syslog.conf. Hope this helps.
Logged
amtz83
Jr. Member
*
Offline Offline

Posts: 1


« Reply #4 on: Friday 24 May 2013, 08:46:56 am »

Hi there, I did this procedure on my EF but it not send anything to splunk


What can I do Huh?


Can someone help me Huh??
Logged
Pages: [1] Go Up Print 
« previous next »
Jump to:  

Page created in 0.094 seconds with 18 queries.
Powered by SMF 1.1 RC2 | SMF © 2001-2005, Lewis Media Design by 7dana.com