nmalonzo
Level 7

Send Syslog Monitor / Troubleshoot

Hi Everyone,

MWG v 7.3

1. Where can we find logs showing that MWG has failed or successfully sent syslog to the SIEM server?

2. Does MWG save the generated syslog to a file? Where is it located?

It would be great if you could share with us how to monitor / troubleshoot syslog entries generated from MWG.

Thanks.

0 Kudos
2 Replies
nmalonzo
Level 7

Re: Send Syslog Monitor / Troubleshoot

Follow-up question for you for verification...

Daemon.info @@[IP address] - is for TCP

while

Daemon.info [IP address] - is for UDP, is this correct?

What is the recommended protocol to use?

Thanks,

0 Kudos
itsec
Level 7

Re: Send Syslog Monitor / Troubleshoot

Hi,

1) When I set up syslog to SIEM, I saw errors in the Log Files > MWG Errors > mwg.core.errors.log

There were entries such as

[2013-01-17 09:01:05.764 +00:00] [NotificationPlugin] [SyslogError] Dropping syslog entry because queue is full.

NB: to fix, I restarted the rsyslog service on the MWG.

2) Depends on your conf file. If you log in via WinSCP or SSH you can see some logs like cron / messages in /var/log

3) Syslog is best supported over UDP. Be sure to fully research whether your SIEM supports syslog over TCP.

Here are some sites I found useful.

Here's some sites I found useful.

http://www.rsyslog.com

http://www.linuxhomenetworking.com/wiki/index.php/Quick_HOWTO_:_Ch05_:_Troubleshooting_Linux_with_sy...

Finally, there are loads of posts on this topic if you search for SIEM.

Hope this helps :-)

0 Kudos
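Added example, not part of the thread and not McAfee code: a small Python check that counts the `SyslogError` queue-full entries in `mwg.core.errors.log` per minute, since each one is an event the SIEM never received. The line layout is taken from the single entry quoted above; the other sample lines (including the `Core` / `OtherError` names) are constructed for illustration.

```python
import re
from collections import Counter
from datetime import datetime

# Layout assumed from the entry quoted in the thread:
# [timestamp] [component] [error type] message
LINE_RE = re.compile(
    r"^\[(?P<ts>[^\]]+)\] \[(?P<component>[^\]]+)\] \[(?P<kind>[^\]]+)\] (?P<msg>.*)$"
)
TS_FORMAT = "%Y-%m-%d %H:%M:%S.%f %z"

# Constructed sample: the first line is the entry from the thread, the rest are made up.
SAMPLE = """\
[2013-01-17 09:01:05.764 +00:00] [NotificationPlugin] [SyslogError] Dropping syslog entry because queue is full.
[2013-01-17 09:01:05.901 +00:00] [NotificationPlugin] [SyslogError] Dropping syslog entry because queue is full.
[2013-01-17 09:01:44.120 +00:00] [Core] [OtherError] Constructed unrelated entry.
[2013-01-17 09:02:10.003 +00:00] [NotificationPlugin] [SyslogError] Dropping syslog entry because queue is full.
truncated line without brackets
"""

def parse_line(line):
    """Return (timestamp, component, kind, message), or None if the line does not match."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    try:
        ts = datetime.strptime(m.group("ts"), TS_FORMAT)
    except ValueError:
        return None
    return ts, m.group("component"), m.group("kind"), m.group("msg")

def summarize(lines):
    """Aggregate SyslogError entries by minute and report the total and the worst minute."""
    drops = Counter()
    for line in lines:
        parsed = parse_line(line)
        if parsed and parsed[2] == "SyslogError":
            drops[parsed[0].replace(second=0, microsecond=0)] += 1
    if not drops:
        return {"total": 0, "first": None, "last": None, "worst_minute": None}
    worst = max(drops.items(), key=lambda kv: kv[1])
    return {"total": sum(drops.values()), "first": min(drops),
            "last": max(drops), "worst_minute": worst}

if __name__ == "__main__":
    report = summarize(SAMPLE.splitlines())
    print(f"dropped syslog entries: {report['total']}")
    print(f"first seen: {report['first']}  last seen: {report['last']}")
    print(f"worst minute: {report['worst_minute']}")
```

To run it against a real appliance log, pass the lines of an exported copy of the file to `summarize()` instead of `SAMPLE`.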