Step 6: Now edit remote.conf.
Step 7: "vi remote.conf"
Note 1: Make the following changes inside the Forwarding rule section.
Note 2: Press "i" to insert a new line at the bottom, and assign an IP address and port for rsyslogd.
# Remote Logging using UDP.
...
*.* @cce-ip:514
Note 3: Uncomment the following lines in the UDP Syslog Server or TCP Syslog Server section of the configuration file.
TCP example:
$ModLoad imtcp.so
$UDPServerAddress IP1
$InputTCPServerRun PORT2
...
"systemctl status rsyslog.service"
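The forwarding rule added in Notes 1 and 2 can be checked before moving on to verification. The script below is an added example, not part of the original procedure or of any vendor tooling; the function names and the sample file (apart from the "*.* @cce-ip:514" rule) are constructed for illustration. It lists every active forwarding action in a file such as remote.conf, with its protocol, host and port.

```shell
#!/bin/sh
# Added example: list forwarding actions in an rsyslog file such as remote.conf.
# Legacy syntax: "selector @host:port" forwards over UDP, "@@host:port" over TCP.

list_forward_targets() {
    # $1 = config file; prints one "selector proto host port" line per action
    awk '
        /^[ \t]*#/ { next }                    # commented-out rules are inactive
        NF >= 2 && $2 ~ /^@/ {
            t = $2; proto = "udp"
            if (t ~ /^@@/) proto = "tcp"
            sub(/^@+/, "", t)
            sub(/^\([^)]*\)/, "", t)           # drop options such as (z9)
            sub(/;.*$/, "", t)                 # drop a trailing ;template
            port = 514                         # default when none is given
            if (t ~ /^\[/) {                   # bracketed IPv6 literal
                host = t; sub(/^\[/, "", host); sub(/\].*$/, "", host)
                if (t ~ /\]:[0-9]+$/) { port = t; sub(/^.*\]:/, "", port) }
            } else {
                n = split(t, p, ":"); host = p[1]
                if (n > 1) port = p[2]
            }
            print $1, proto, host, port
        }' "$1"
}

has_forward_target() {
    # $1 = config file, $2 = proto, $3 = host, $4 = port; status 0 if present
    list_forward_targets "$1" |
        awk -v p="$2" -v h="$3" -v o="$4" \
            '$2 == p && $3 == h && $4 == o { found = 1 } END { exit !found }'
}

# Constructed sample in the style of remote.conf (cce-ip is a placeholder).
sample=$(mktemp)
trap 'rm -f "$sample"' EXIT
cat > "$sample" <<'EOF'
# Remote Logging using UDP.
#*.* @old-collector:514
*.* @cce-ip:514
auth.* @@(z9)cce-ip:6514
*.* @[2001:db8::10]:10514
EOF
list_forward_targets "$sample"
```

Running has_forward_target against the real remote.conf with the expected protocol, host and port gives a quick pass/fail check that the rule is active and not left commented out.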
VERIFICATION OF CONFIGURATION
Verification can be done either from the CCE server or from the UI.
Using UI
STEP 1: Log in to the UI >> SYSTEM
...
STEP 2: >> LOGS AND FLOWS COLLECTION STATUS
...
STEP 3: >> Under SOURCE DEVICE IP, the IP address will be shown.
...
Using CCE SERVER
Run the command "sudo tcpdump -i any port 514 and host <IP address> -AAA" on the CCE server to check whether or not logs are being received.