PRE-REQUISITE:-

  • Importance

  • Steps of Configuration

  • Verification 

...

Overview

This document describes how to configure a Linux server to work with the CCE. The CCE pulls the logs and redirects them to the APE.

For this configuration we use UDP port 514.

Steps of Configuration:-

  • Log in as the root user on the server.

...

  • Once done type the command 

              (Note: Press i, then insert the following changes. To save the changes, press Esc, then type :wq! and press Enter.)

                 *.* @CCE_IP:514

    • Configure the CCE IP at the end of the file:

    #*.* @@remote-host:514

    # ### end of the forwarding rule ###

    *.* @CCE_IP:514

  • Restart the rsyslog service by running the command: service rsyslog restart


  • To check the status, run the command: service rsyslog status
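
The forwarding rule can be checked in the config file itself: in this selector syntax a single @ sends over UDP and @@ sends over TCP, and a line starting with # is inactive. The script below is an added example, not part of the original document; the function names are hypothetical and 192.0.2.10 is a placeholder standing in for CCE_IP.

```shell
#!/usr/bin/env bash
# Added example (not from the original page). Audits legacy-syntax forwarding
# rules in an rsyslog config: "@host:port" sends over UDP, "@@host:port" over TCP.

# list_forward_rules FILE -> one line per active rule: "<proto> <host> <port> <selector>"
list_forward_rules() {
    awk '
        /^[ \t]*#/ { next }              # skip commented rules such as "#*.* @@remote-host:514"
        NF >= 2 && $2 ~ /^@/ {
            target = $2
            proto = (target ~ /^@@/) ? "tcp" : "udp"
            sub(/^@+/, "", target)
            host = target
            port = "514"                 # rsyslog default when the rule names no port
            if (target ~ /:[0-9]+$/) {
                port = target; sub(/^.*:/, "", port)
                sub(/:[0-9]+$/, "", host)
            }
            print proto, host, port, $1
        }
    ' "$1"
}

# check_forward FILE HOST PORT -> prints a verdict, returns 0 only for an active UDP rule
check_forward() {
    verdict=$(list_forward_rules "$1" | awk -v h="$2" -v p="$3" '
        $2 == h && $3 == p { if ($1 == "udp") udp = 1; else tcp = 1 }
        END { print (udp ? "ok" : (tcp ? "tcp-only" : "missing")) }')
    case $verdict in
        ok)       echo "OK: UDP forwarding to $2:$3 is active"; return 0 ;;
        tcp-only) echo "MISMATCH: rule for $2:$3 uses @@ (TCP), collector expects UDP"; return 1 ;;
        *)        echo "MISSING: no active forwarding rule for $2:$3"; return 1 ;;
    esac
}

# Demo on a constructed config; 192.0.2.10 is a placeholder standing in for CCE_IP.
sample=$(mktemp)
cat > "$sample" <<'EOF'
#*.* @@remote-host:514
# ### end of the forwarding rule ###
*.* @192.0.2.10:514
EOF
list_forward_rules "$sample"
check_forward "$sample" 192.0.2.10 514
rm -f "$sample"
```

On the server, pass the path of the rsyslog configuration file that was edited and the real CCE address instead of the constructed sample.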


Verification:-

  • Verification can be done in two ways:

                 1. By checking on the UI

                 2. By checking logs through the CCE server

Verification through UI 

  • Open UI >> System tab >> Logs and flows collection status:


  • The IP address will appear under Source Device IP.



Verification Through CCE server

  • Run the command: sudo tcpdump -i any port 514 and host <IP address>
