Overview
Configure the UTM to send its logs to a remote syslog server so that disk space on the UTM is conserved. You can also monitor and analyze the logs on the syslog server independently. Before configuring the remote syslog server on the UTM appliance, ensure that the remote server is up and running and that the UTM appliance can connect to it.
Steps Of Configuration
Adding a remote syslog server
...
3. Enable the Remote Syslog service by toggling the Remote Syslog Service status button.
VERIFICATION OF CONFIGURATION
Verification can be done either from the CCE server or from the UI.
Using UI
STEP 1: Log in to the UI >> SYSTEM
...
STEP 2: >> LOGS AND FLOWS COLLECTION STATUS
...
STEP 3: >> Under SOURCE DEVICE IP, the IP address of the source device will be shown.
...
Using CCE SERVER
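Run the following commands on the CCE server to check whether logs and flows are being received. Port 514 carries the logs and port 9995 carries the flows:

sudo tcpdump -i any -AAA port 514 and host <IP address>     (for logs)
sudo tcpdump -i any -AAA port 9995 and host <IP address>    (for flows)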
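
A non-interactive version of the capture check above, added here as an example and not part of the original article or the vendor's tooling: it tallies packets from one source device to ports 514 and 9995 so that a silent log or flow feed is reported as a failure. The function names, the 192.0.2.x / 198.51.100.x addresses, the 30-second window and the sample lines are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example (not vendor code): summarise `tcpdump -nn` output to confirm a
# source device is delivering both logs (port 514) and flows (port 9995).

# check_feeds DEVICE_IP
# Reads tcpdump text lines on stdin, prints "logs=<n> flows=<n>", and returns 0
# only when at least one packet of each kind came from DEVICE_IP.
check_feeds() {
    awk -v dev="$1" '
        {
            # Locate "src > dst:"; works with or without the interface and
            # direction columns that `-i any` adds on newer tcpdump builds.
            for (i = 2; i < NF; i++) if ($i == ">") {
                src = $(i - 1); dst = $(i + 1); sub(/:$/, "", dst)
                sip = src;   sub(/\.[0-9]+$/, "", sip)   # drop source port
                dport = dst; sub(/^.*\./, "", dport)     # keep destination port
                if (sip == dev && dport == "514")  logs++
                if (sip == dev && dport == "9995") flows++
                break
            }
        }
        END {
            printf "logs=%d flows=%d\n", logs, flows
            exit !(logs > 0 && flows > 0)
        }'
}

# Constructed sample capture (documentation addresses, UDP assumed).
sample_capture() {
    cat <<'EOF'
12:00:01.000001 eth0  In  IP 192.0.2.10.40112 > 198.51.100.5.514: UDP, length 148
12:00:01.500000 eth0  In  IP 192.0.2.10.40112 > 198.51.100.5.514: UDP, length 96
12:00:02.000000 eth0  In  IP 192.0.2.10.51820 > 198.51.100.5.9995: UDP, length 1420
12:00:02.100000 eth0  In  IP 192.0.2.77.33001 > 198.51.100.5.514: UDP, length 80
12:00:02.200000 eth0  Out IP 198.51.100.5.514 > 192.0.2.10.40112: UDP, length 10
EOF
}

# Offline demonstration on the constructed sample.
sample_capture | check_feeds 192.0.2.10

# Live use on the collector (needs root; address and window are placeholders):
#   timeout 30 tcpdump -i any -nn -l \
#     'host 192.0.2.10 and (port 514 or port 9995)' 2>/dev/null \
#     | check_feeds 192.0.2.10
```

The non-zero exit status when either count is zero makes the function usable from a scheduled job that alerts when a device stops reporting.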