Export logs via Syslog
From Tech-Wiki
Revision as of 16:22, 3 February 2019 by Fabricio.Lima (Talk | contribs)
Forwarding Traffic Logs stored on the Management Server to Syslog Server
1. Add the following line to /etc/rc.d/init.d/cpboot so the forwarder starts with the Management Server (fw log -f follows the log, -t starts at the end, -n disables name resolution, -l prints date and time; awk 'NF' and sed drop empty lines so no blank syslog records are emitted):
fw log -f -t -n -l 2> /dev/null | awk 'NF' | sed '/^$/d' | logger -p local4.info -t CP_FireWall &
2. Once this is running, the firewall log entries also appear in the local syslog file /var/log/messages (facility local4, tag CP_FireWall), in addition to the original firewall logs.
3. Now forward these messages to the remote syslog server. In clish, configure the following (and run save config afterwards so the setting survives a reboot):
> add syslog log-remote-address <IP-address_of_Syslog_Server> level info
If you want to forward logs directly from the gateways to the syslog server instead, create an OPSEC Syslog server object, set the gateway to forward its logs to that server, then set this kernel flag on the gateway:
# fw ctl set int fwsyslog_enable 1
Then install the policy. Note that fw ctl set only changes the running kernel; to keep the setting across reboots, add the line fwsyslog_enable=1 to $FWDIR/boot/modules/fwkern.conf on the gateway.
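The script below is an added example, not part of the original page or of Check Point's own tooling. It wraps the two pieces above that are easy to get wrong when done by hand: the blank-line filter used in the cpboot one-liner, and idempotent persistence of a key=value parameter in a fwkern.conf-style file (so re-running it never produces duplicate fwsyslog_enable lines). The function names, the default file path and the sample lines are assumptions made for the example.

```bash
#!/bin/bash
# Added example for the Tech-Wiki "Export logs via Syslog" page; not Check Point code.
# Helper names and the default path below are assumptions for this example.

# Same effect as the "awk 'NF' | sed '/^$/d'" pair in the cpboot one-liner:
# drop empty and whitespace-only lines read from stdin before they reach logger.
filter_fw_log() {
    awk 'NF'
}

# Start the management-side forwarder (the cpboot one-liner, using the filter
# above). Only meaningful on a Check Point host where "fw" and "logger" exist.
start_fw_log_forwarder() {
    fw log -f -t -n -l 2>/dev/null | filter_fw_log | logger -p local4.info -t CP_FireWall &
}

# Idempotently persist KEY=VALUE in a fwkern.conf-style file (one "key=value"
# per line). Creates the file if missing, rewrites an existing key in place,
# otherwise appends. Returns non-zero if the file cannot be written.
set_fwkern_param() {
    local file=$1 key=$2 value=$3 tmp
    [ -f "$file" ] || : > "$file" || return 1
    if grep -q "^${key}=" "$file"; then
        tmp=$(mktemp) || return 1
        sed "s/^${key}=.*/${key}=${value}/" "$file" > "$tmp" && mv "$tmp" "$file"
    else
        printf '%s=%s\n' "$key" "$value" >> "$file"
    fi
}

# Print the value persisted for KEY in FILE (last match wins; empty if absent).
get_fwkern_param() {
    local file=$1 key=$2
    sed -n "s/^${key}=//p" "$file" 2>/dev/null | tail -n 1
}

# Gateway-side persistence for the fwsyslog_enable flag described on the page.
# FWDIR is normally set in a Check Point shell; the fallback path is an assumption.
persist_fwsyslog_enable() {
    set_fwkern_param "${FWDIR:-/opt/CPsuite-R80/fw1}/boot/modules/fwkern.conf" fwsyslog_enable 1
}
```

On a gateway, run `fw ctl set int fwsyslog_enable 1` for the running kernel and `persist_fwsyslog_enable` for the reboot-safe copy; `get_fwkern_param "$FWDIR/boot/modules/fwkern.conf" fwsyslog_enable` confirms what is on disk. The rewrite-in-place branch matters because fwkern.conf is read at boot and a duplicated or conflicting key is a common reason the flag "does not stick".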