...
Table of Contents
Overview
Using this document we configure Linux logs please follow the steps:
- Open file vi /etc/rsyslog.conf file
- Configure CCE-IP at the end of file:
#*.* @@remote-host:514
# ### end of the forwarding rule ###
server with the CCE, CCE pulls the logs and redirect it to APE.
For this configuration we use UDP port 514.
Steps of Configuration:-
- Login as root user on the server
- cd /etc should be the first command ran on server , (to get inside /etc directory)
- ls to check the list , ( similar list will appear)
- vi rsyslog.conf command need to be ran next and enter
- Scan and find the red marked line :
- Once done type the command
(Note: Press i and then insert the following changes , to save the changes press Esc then write :wq! and enter .)
*.* @CCE_IP:514
...
- .
- Run the command : service rsyslog restart.(Restart rsyslog service .)
- To check the status type the command service rsyslog status
Verification:-
- VERIFICATION CAN BE DONE IN TWO WAYS :-
1.By checking on UI
2. Checking logs through CCE server
Verification through UI
- Open UI >>System tab >> Logs and flows collection status:
- The IP will reflect below source device IP
Verification Through CCE server
- Run the command " sudo tcpdump -i any port 514 and host <IP address>
