8 Replies Latest reply on Nov 19, 2009 11:07 PM by JHD

    syslog forwarding question

    nsgmike

      I've been searching for a way to forward my syslog information from my web washer appliance to a siem server. Anyone have any ideas? thanks

        • 1. Re: syslog forwarding question
          asabban

          Hello,

           

          what exactly do you want to achieve? Can you give me an example? If you simply want to forward all syslog messages written on the appliance to another syslog server, you can simply modify the /etc/syslog.conf file on the appliance, for example by adding an entry like

           

          *.*     @192.168.0.1

           

          which causes the syslog server to send ALL messages to 192.168.0.1 on UDP Port 514. Of course 192.168.0.1 needs to have a listening syslog service running.

           

          Please note that a modified syslog.conf file is out of support and not part of the backup, but it should be possible to achieve your goals with this.

           

          Let me know.

           

          best,

          Andre
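Added example, not part of the post above and not product code: a small Python listener to run on the receiving host (192.168.0.1 in the post) to confirm that forwarded datagrams arrive and to decode their priority value. The function names and the `expected_sender` parameter are assumptions made for this illustration; binding to port 514 normally requires root.

```python
import re
import socket

FACILITIES = ["kern", "user", "mail", "daemon", "auth", "syslog", "lpr", "news",
              "uucp", "cron", "authpriv", "ftp", "ntp", "audit", "alert", "clock",
              "local0", "local1", "local2", "local3",
              "local4", "local5", "local6", "local7"]
SEVERITIES = ["emerg", "alert", "crit", "err",
              "warning", "notice", "info", "debug"]
PRI_RE = re.compile(rb"<(\d{1,3})>")

def decode(datagram):
    """Split '<PRI>rest' into (facility, severity, rest); None if malformed."""
    m = PRI_RE.match(datagram)
    if not m or int(m.group(1)) > 191:      # 23 * 8 + 7 is the highest valid PRI
        return None
    pri = int(m.group(1))
    rest = datagram[m.end():].decode("utf-8", "replace").rstrip("\r\n\x00")
    return FACILITIES[pri >> 3], SEVERITIES[pri & 7], rest

def listen(bind_addr="0.0.0.0", port=514, expected_sender=None, count=10):
    """Collect `count` datagrams and return (source_ip, decoded) pairs."""
    seen = []
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        sock.bind((bind_addr, port))
        while len(seen) < count:
            data, (src, _port) = sock.recvfrom(8192)
            # UDP syslog is unauthenticated and the source address can be
            # spoofed, so this filter is a sanity check, not access control.
            if expected_sender and src != expected_sender:
                continue
            seen.append((src, decode(data)))
    return seen

if __name__ == "__main__":
    for src, msg in listen():
        print(src, msg)
```

A `None` in the output means the sender is not emitting a valid `<PRI>` header, which is worth checking before pointing the appliance at a production SIEM.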

          • 2. Re: syslog forwarding question
            nsgmike

            Yeah, I am just trying to forward them from the appliance to another syslog server. I couldn't find anything in the GUI and didn't know the command for the CLI. Thanks, I will try it.

            • 3. Re: syslog forwarding question
              asabban

              Hello,

               

              Correct, this is not part of the GUI, unfortunately. The Syslog service is actually the well-known Syslog service running on many Linux operating systems. If you are familiar with that you should not encounter problems setting up the redirection.

               

              If it does not work, please let me know. I will try to assist you setting it up.

               

              Best,

              Andre

              • 4. Re: syslog forwarding question
                DBO

                OK, what can be sent using the syslog? Can the entries in the error log be piped to syslog? At this point, Webwasher is a closed box that cannot be monitored except for some limited info using SNMP. We had (until this week's upgrade to 6.8.6) process crashes/memory buildup registered in the error log but no way to know about them until the system stopped working and the phones started ringing.

                 

                Any way to help manage those gateways would be helpful, and please remember that we manage services, not Unix... "How to" style documents are very helpful. Once I retire, I will probably have time to learn another OS...

                • 5. Re: syslog forwarding question
                  asabban

                  Hi DBO,

                   

                  by default you can only redirect those messages sent to syslog (operating system messages) to another syslog server. The Webwasher logfiles are flat files and by default do not go into syslog. There is a utility available that allows redirecting a logfile into syslog; I gave it a quick try and it looked promising, but this also is not an official part of the product.

                   

                  If you feel there is a lack of a feature, please feel free to file a feature request at http://www.securecomputing.com/index.cfm?skey=1171.

                   

                  If you are interested in giving the non-official way a try, please let me know.

                   

                  Best,

                  Andre

                  • 6. Re: syslog forwarding question
                    DBO

                    It's a definitive YES. It would have helped us with the recurring problem we faced for the last month. Hopefully, 6.8.6 has now been looking good for the last 3 days.

                    • 7. Re: syslog forwarding question
                      asabban

                      Just sent you a PM to not mess up the original thread.

                       

                      best,

                      Andre

                      • 8. Re: syslog forwarding question

                        The "CorreLog Windows Syslog Agent" is freeware for Windows platforms. In addition to monitoring native Windows event logs, the agent will also tail any streaming log files, match specific patterns, and send the matching log messages to a syslog server in standard syslog format.

                         

                        It is quite powerful, but you have to read the manual. (See Section 4, page 31 in the WT-MANUAL.pdf file, accompanying the download.) Specifically, you need to add a "Logfile" directive to the agent configuration file specifying the location of the file and any match patterns.

                         

                        This will take care of your problem.

                         

                        You can download the agent by searching for "Correlog" at www.download.com. Send specific questions to info@correlog.com and I am sure someone will help you with any issues or questions.

                         

                        Sorry, a bit late for this post, but better late than never. I hope this helps a little.
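
Added example, not from any poster and not the utility or agent mentioned in replies 5 and 8: a Python sketch of the technique both describe, tailing a flat log file, matching patterns, and sending the matching lines to a syslog server over UDP 514. The log path, the tag `webwasher`, the `local0.err` priority and the match patterns are assumptions for illustration; 192.168.0.1 is the collector address used earlier in the thread.

```python
import os
import re
import socket
import time

def format_rfc3164(line, host, tag="webwasher", facility=16, severity=3, now=None):
    """Build one BSD-syslog datagram: <PRI>Mmm dd hh:mm:ss host tag: msg."""
    pri = facility * 8 + severity                 # local0.err -> 131
    t = time.localtime(now)
    stamp = "%s %2d %s" % (time.strftime("%b", t), t.tm_mday,
                           time.strftime("%H:%M:%S", t))
    # Replace control characters so a crafted log line cannot smuggle a
    # second record or terminal escapes into the collector.
    clean = re.sub(r"[\x00-\x1f\x7f]", " ", line).strip()
    msg = "<%d>%s %s %s: %s" % (pri, stamp, host, tag, clean)
    return msg.encode("ascii", "replace")[:1024]  # classic 1024-byte limit

def read_new_lines(path, state):
    """Return complete lines appended since the previous call.
    state keeps inode and offset, so rotation or truncation restarts at 0."""
    st = os.stat(path)
    if state.get("ino") != st.st_ino or st.st_size < state.get("pos", 0):
        state["ino"], state["pos"] = st.st_ino, 0
    with open(path, "rb") as fh:
        fh.seek(state["pos"])
        chunk = fh.read()
    end = chunk.rfind(b"\n") + 1                  # hold back a half-written line
    state["pos"] += end
    return [l.decode("utf-8", "replace") for l in chunk[:end].split(b"\n")[:-1]]

def forward(path, patterns, dest=("192.168.0.1", 514), poll=1.0, rounds=None):
    """Poll `path` and send lines matching any pattern; returns the count sent."""
    regexes = [re.compile(p) for p in patterns]
    host, state, sent = socket.gethostname(), {}, 0
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        while rounds is None or rounds > 0:
            for line in read_new_lines(path, state):
                if any(r.search(line) for r in regexes):
                    sock.sendto(format_rfc3164(line, host), dest)
                    sent += 1
            rounds = None if rounds is None else rounds - 1
            time.sleep(poll)
    return sent

if __name__ == "__main__":
    # Hypothetical path and patterns; adjust to the real error log.
    forward("/path/to/errors.log", [r"(?i)crash", r"(?i)out of memory"])
```

Because delivery is plain UDP, lost datagrams are silent; alerting on the absence of messages at the collector covers the case where the forwarder itself has stopped.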