EFW Support
Welcome,
Guest
. Please
login
or
register
.
Did you miss your
activation email?
Sunday 15 December 2024, 02:41:53 pm
1 Hour
1 Day
1 Week
1 Month
Forever
Login with username, password and session length
Visit the Official Endian Reference Manual
HERE
14261
Posts in
4377
Topics by
6517
Members
Latest Member:
Sandro
Search:
Advanced search
EFW Support
Support
General Support
remote syslog problem
0 Members and 1 Guest are viewing this topic.
« previous
next »
Pages:
[
1
]
Author
Topic: remote syslog problem (Read 18545 times)
suk
Jr. Member
Offline
Posts: 1
remote syslog problem
«
on:
Tuesday 25 November 2008, 10:10:29 pm »
I have a windows box configured as a syslogger on 10.0.0.10 port 514 which I know to be working correctly.
I have a endian fw box (virtulaized on vmware workstation with 2 network interfaces - green [10.0.0.1] and red [192.168.0.1]). On Endian I have set the syslog settings to Remote with the ip address of the syslogger 10.0.0.10.
I am not recieving any syslog message from the Endian box.... I can ping the syslogger from the Endian box no problem....I have only one firewall rule which is allow any to any.
Any ideas anyone?
regards
Suk
Logged
dimabar
Jr. Member
Offline
Posts: 3
Re: remote syslog problem
«
Reply #1 on:
Tuesday 20 January 2009, 09:20:17 pm »
Some troubles in my EF install.... Please help!
Logged
lightenup
Full Member
Offline
Posts: 11
Re: remote syslog problem
«
Reply #2 on:
Monday 24 August 2009, 09:37:06 am »
you can add this to the end of /etc/syslog/syslog.conf (obviously you would replace 172.16.1.1 with the ip of your syslog server):
#remote logging
destination d_loghost {udp("172.16.1.1" port(514));};
log { source(s_sys); destination(d_loghost); };
Once that is done restart syslog:
/etc/init.d/syslog-ng restart
That should do it. It looks like there is some problem with the web gui or the template file that generates the syslog.conf file. Keep in mind that if you make any changes to the syslog settings in the GUI this setting will likely be removed.
Lightenup
Logged
lightenup
Full Member
Offline
Posts: 11
Re: remote syslog problem
«
Reply #3 on:
Monday 31 August 2009, 03:42:52 am »
I was poking around this morning and I found a better way to add the syslog entry in a way that it will not get over written. Create a file in /etc/syslog/syslog.d name it remote_syslog.tmpl and put the following contents in it:
#remote logging
destination d_loghost {udp("192.168.1.1" port(514));};
log { source(s_sys); destination(d_loghost); };
Now go to the web ui logs > settings and hit save. The tmpl config you created should now be included as part of the /etc/syslog/syslog.conf file, this will not get removed even after changing settings or reboots. Note, be sure to put some return characters before and after the remote logging entries (above), otherwise the lines mights get wrapped in the final syslog.conf. Hope this helps.
Logged
amtz83
Jr. Member
Offline
Posts: 1
Re: remote syslog problem
«
Reply #4 on:
Friday 24 May 2013, 08:46:56 am »
Hi there, I did this procedure on my EF but it not send anything to splunk
What can I do
?
Can someone help me
??
Logged
Pages:
[
1
]
« previous
next »
Jump to:
Please select a destination:
-----------------------------
Announcements
-----------------------------
=> Project News
=> Latest News and Updates
-----------------------------
Support
-----------------------------
=> General Support
=> Installation Support
=> EFW SMTP, HTTP, SIP, FTP Proxy Support
=> VPN Support
=> Hardware Support
-----------------------------
Development
-----------------------------
=> EFW Wishlist
=> Contribute Your Customisations & Modifications
Page created in 0.094 seconds with 19 queries.
Powered by SMF 1.1 RC2
|
SMF © 2001-2005, Lewis Media
Design by
7dana.com