uzanatta
Level 10

StoneGate Log

Hi there,

Do you have any idea how I can set up the StoneSoft Management in order to get it working?

I followed the official guide without success.

1) I defined the DataSource Model as StoneGate Firewall/VPN

2) I changed the LogServerConfiguration.txt with the following parameters:

SYSLOG_SERVER_ADDRESS=<ip_address>

SYSLOG_MESSAGE_PRIORITY=6
SYSLOG_FILTER_TYPE=KEEP
SYSLOG_FILTER_MATCH=NONE

Nothing to do.

The official KB suggests the right sequence of the fields (https://kc.mcafee.com/corporate/index?page=content&id=KB74693&actp=LIST).

1) I created a new syslog template (mcafee_syslog_conf.xml) in the syslog_templates directory of the StoneGate Management;

2) I added the SYSLOG_CONF_FILE=<path of mcafee_syslog_conf.xml> into the LogServerConfiguration.txt;

Nothing to do.

The file /usr/local/nfx/config/data/StoneGateRules.xml shows different fields, so I tried with them but without success.

Thank you very much.

Rgds,

0 Kudos
8 Replies
uzanatta
Level 10

Re: StoneGate Log

Now, it's working. User Guide is not well done but I found the solution.

0 Kudos
firemtn
Level 9

Re: StoneGate Log

Nicely done Umberto,

You should consider posting your solution, maybe it will help someone!

Cheers,

Mike

0 Kudos
uzanatta
Level 10

Re: StoneGate Log

Hi,

here it is:

SYSLOG_USE_DELIMITER=ALWAYS

SYSLOG_CONF_FILE=${SG_ROOT_DIR}/data/fields/syslog_templates/default_syslog_conf.xml

0 Kudos
lichnt
Level 7

Re: StoneGate Log

Hi Umberto Zanatta

Can you help with a step-by-step config to pull syslog from Stonesoft to the Receiver?

Thanks

0 Kudos
uzanatta
Level 10

Re: StoneGate Log

Hi,

You should follow this KB: https://kc.mcafee.com/corporate/index?page=content&id=KB74693&actp=LIST but add the following parameters to the Stonesoft configuration file:

SYSLOG_USE_DELIMITER=ALWAYS

SYSLOG_CONF_FILE=${SG_ROOT_DIR}/data/fields/syslog_templates/default_syslog_conf.xml

If you don't do that it doesn't work.

Rgds
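
An added example, not part of the original posts or any vendor tooling: a small checker for the syslog settings discussed above, run against the text of LogServerConfiguration.txt. It assumes the file is plain KEY=VALUE lines with `#` comments; the function names and both sample inputs are constructed for illustration (192.0.2.10 is a documentation address).

```python
import re

# Setting and value the thread reports as required for the receiver to parse the feed.
REQUIRED = {"SYSLOG_USE_DELIMITER": "ALWAYS"}
# Keys that must be present and filled in with a real value.
NEEDED_KEYS = ("SYSLOG_SERVER_ADDRESS", "SYSLOG_CONF_FILE")

def parse_config(text):
    """Parse KEY=VALUE lines; skip blanks and '#' comments (comment syntax is an assumption)."""
    settings = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        key, _, value = line.partition("=")
        settings[key.strip()] = value.strip()
    return settings

def check_syslog_settings(text):
    """Return a list of problems; an empty list means the thread's settings are all present."""
    cfg = parse_config(text)
    problems = []
    for key, want in REQUIRED.items():
        got = cfg.get(key)
        if got is None:
            problems.append(f"{key} is missing (thread uses {key}={want})")
        elif got != want:
            problems.append(f"{key}={got}, thread uses {want}")
    for key in NEEDED_KEYS:
        value = cfg.get(key, "")
        if not value:
            problems.append(f"{key} is missing or empty")
        elif re.search(r"[<>]", value):
            problems.append(f"{key} still holds a placeholder: {value}")
        elif re.search(r"\s", value):
            problems.append(f"{key} contains whitespace, check for a copy-paste break: {value!r}")
    return problems

# Constructed sample inputs, not taken from a real server.
BROKEN = """SYSLOG_SERVER_ADDRESS=<ip_address>
SYSLOG_MESSAGE_PRIORITY=6
SYSLOG_CONF_FILE=${SG_ROOT_DIR}/data/fields/syslog_templates/default_syslog_conf .xml
"""
FIXED = """SYSLOG_SERVER_ADDRESS=192.0.2.10
SYSLOG_USE_DELIMITER=ALWAYS
SYSLOG_CONF_FILE=${SG_ROOT_DIR}/data/fields/syslog_templates/default_syslog_conf.xml
"""

if __name__ == "__main__":
    for name, sample in (("broken", BROKEN), ("fixed", FIXED)):
        print(name, check_syslog_settings(sample) or "ok")
```
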

lichnt
Level 7

Re: StoneGate Log

Thanks, I forward syslog on Stonesoft to SIEM, ok ^^. I will try your solution.

0 Kudos
terohy
Level 7

Re: StoneGate Log

Hey,

Just wanted to remind everybody that in latest SMC version 5.5 (syslog) forwarding is now mostly configured via SMC GUI in log server properties (couple of settings are still kept in LogServerConfiguration.txt). Check latest Stonesoft Administrator's Guide starting at page 322 (http://www.stonesoft.com/opencms/export/system/galleries/download/product_docs/current/Stonesoft_Adm...).

BR

0 Kudos
exbrit
Level 21

Re: StoneGate Log

FYI - there's now a community section for Next Generation Firewall by Stonesoft.

https://community.mcafee.com/community/business/network/stonesoft

0 Kudos