Use https://seceonhelp.freshdesk.com/support/login to access updated Knowledge Base Articles, Submit Technical Support Tickets and Review Status of submitted support tickets.
Linux Server Logs Configuration
Overview
Using this document we configure Linux server with the CCE, CCE pulls the logs and redirect it to APE.
For this configuration we use UDP port 514.
Steps of Configuration:-
- Login as root user on the server
- cd /etc should be the first command ran on server , (to get inside /etc directory)
- ls to check the list , ( similar list will appear)
- vi rsyslog.conf command need to be ran next and enter
- Scan and find the red marked line :
- Once done type the command
(Note: Press i and then insert the following changes , to save the changes press Esc then write :wq! and enter .)
*.* @CCE_IP:514
- .
- Run the command : service rsyslog restart.(Restart rsyslog service .)
- To check the status type the command service rsyslog status
Verification:-
- VERIFICATION CAN BE DONE IN TWO WAYS :-
1.By checking on UI
2. Checking logs through CCE server
Verification through UI
- Open UI >>System tab >> Logs and flows collection status:
- The IP will reflect below source device IP
Verification Through CCE server
- Run the command " sudo tcpdump -i any port 514 and host <IP address>
Seceon Inc. All rights reserved. https://www.seceon.com