Difference between revisions of "Export logs via Syslog"

From Tech-Wiki
Line 14: Line 14:
 
  > add syslog log-remote-address <IP-address_of_Syslog_Server> level info
 
  > add syslog log-remote-address <IP-address_of_Syslog_Server> level info
  
If you want to forward directly from gateways to syslog devices instead, create an OPSEC Syslog server, set the gateway to forward logs to this server, then set this flag on gateway:
+
If you want to forward directly from gateways to syslog devices instead, create an OPSEC Syslog server (which require add-on sk105412), set the gateway to forward logs to this server, then set this flag on gateway:
  
 
  # fw ctl set int fwsyslog_enable 1
 
  # fw ctl set int fwsyslog_enable 1
  
 
And push the policy. (remember to set this to $FWDIR/boot/modules/fwkern.conf to persist across reboots)
 
And push the policy. (remember to set this to $FWDIR/boot/modules/fwkern.conf to persist across reboots)
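
Review bot: The added parenthetical "(which require add-on sk105412)" has a subject-verb mismatch and reads as if the add-on were the SK article itself; suggest "(which requires the add-on from sk105412)". The unchanged context after it still says to "set this to $FWDIR/boot/modules/fwkern.conf" without giving the entry to add, so this revision would be a good place to spell that out.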

Revision as of 19:19, 25 February 2019


Forwarding Traffic Logs stored on the Management Server to Syslog Server

1. Add the following line to the /etc/rc.d/init.d/cpboot file:

fw log -f -t -n -l 2> /dev/null | awk 'NF' | sed '/^$/d' | logger -p local4.info -t CP_FireWall &

2. After this, the firewall logs also appear in /var/log/messages, in addition to the original firewall logs.

3. Now send these messages to the remote syslog server. Configure the following in clish:

> add syslog log-remote-address <IP-address_of_Syslog_Server> level info

If you want to forward logs directly from the gateways to syslog devices instead, create an OPSEC Syslog server (which requires the add-on from sk105412), set the gateway to forward logs to this server, then set this flag on the gateway:

# fw ctl set int fwsyslog_enable 1

Then push the policy. Remember to also set this flag in $FWDIR/boot/modules/fwkern.conf so that it persists across reboots.
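
One way to make the persistence step repeatable, as an added example that is not part of the original page: the function below leaves exactly one `fwsyslog_enable=1` entry in a kernel-parameter file, replacing stale or duplicate entries and keeping a backup. The helper name `ensure_kernel_param` is hypothetical, and the one-entry-per-line `name=value` layout of fwkern.conf is an assumption.

```shell
#!/bin/sh
# Added example (not from the original page).
# Assumption: the file holds one "name=value" entry per line, with no
# spaces around "=". NAME must not contain regex metacharacters.

# ensure_kernel_param FILE NAME VALUE
# Leaves FILE with exactly one "NAME=VALUE" line; creates FILE if missing.
# Returns 0 on success, 2 on bad arguments, 1 on I/O failure.
ensure_kernel_param() {
    conf=$1 name=$2 value=$3
    [ -n "$conf" ] && [ -n "$name" ] && [ -n "$value" ] || return 2

    # Already present exactly once with the wanted value: change nothing.
    if [ -f "$conf" ] \
        && [ "$(grep -c "^${name}=" "$conf")" = 1 ] \
        && grep -qx "${name}=${value}" "$conf"; then
        return 0
    fi

    tmp="${conf}.tmp.$$"
    if [ -f "$conf" ]; then
        # Keep a backup, then copy every entry except old copies of NAME.
        cp -p "$conf" "${conf}.bak" || return 1
        # grep exits 1 when nothing is left to print; only >1 is an error.
        grep -v "^${name}=" "$conf" > "$tmp" || [ $? -eq 1 ] \
            || { rm -f "$tmp"; return 1; }
    else
        : > "$tmp" || return 1
    fi
    printf '%s\n' "${name}=${value}" >> "$tmp" || { rm -f "$tmp"; return 1; }

    # Write through the existing file so its owner and mode are preserved.
    cat "$tmp" > "$conf" && rm -f "$tmp"
}

# On a gateway this would be called as:
#   ensure_kernel_param "$FWDIR/boot/modules/fwkern.conf" fwsyslog_enable 1
```

The file is only read at boot, so the running kernel still needs the `fw ctl set int` command shown above.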