Overview

Configure the logs to be sent to the remote syslog server so that the disk space on the UTM is conserved. You can also monitor, analyze the logs on the syslog server independently. Before configuring the remote syslog server on the UTM appliance, you must ensure that the remote server is up and running and the UTM appliance is able to connect to the remote server.

Steps Of Configuration

Adding a remote syslog server

1. Navigate to Logs and Reports > Settings > Remote Syslog Server.

...

3. Enable the Remote Syslog service by toggling the Remote Syslog Service status button

VERIFICATION OF CONFIGURATION

Verification can be done either from CCE Server or from UI.

Using UI

STEP 1:Login to UI >> SYSTEM

...

STEP 2: >> LOGS AND FLOWS COLLECTION STATUS .

...

STEP 3: >>Inside SOURCE DEVICE IP, IP will reflect.

...

Using CCE SERVER

“sudo tcpdump -i any host 514 (for logs) and 9995 (for flows) and host <IP address> -AAA” command should be ran on CCE server to check whether or not we are getting logs .