Use https://seceonhelp.freshdesk.com/support/login to access updated Knowledge Base Articles, Submit Technical Support Tickets and Review Status of submitted support tickets.

SUSE Linux Server Logs Configuration

Overview

This document describes how to forward syslog messages from a SUSE Linux server to the CCE; the CCE then passes them on to the APE.

Log forwarding uses UDP port 514.

Before you begin, make sure that port 514 is open and that the CCE is reachable from this Linux server.

Steps of Configuration

Step 1: Log in to the server as the root user.

Step 2: Run cd /etc to change into the /etc directory.

Step 3: Run ls to list the directory contents (a list similar to the one shown will appear).

Step 4: Run cd rsyslog.d and press Enter.

Step 5: Run ls to list the files in the directory.

Step 6: The changes are made inside remote.conf.

Step 7: Open the file with vi remote.conf.

     Note 1: Make the following changes inside the Forwarding rule section.

     Note 2: Press i to insert a new line at the bottom of the section, then assign the IP address of the CCE and the port for rsyslogd (replace cce-ip below with the CCE's IP address).

        # Remote Logging using UDP.

        # remote host is: name/ip:port, e.g. 192.168.0.1:514

        *.* @cce-ip:514

     Note 3: Uncomment the following lines in the UDP Syslog Server or TCP Syslog Server section of the configuration file.

TCP example:

        $ModLoad imtcp.so
        $UDPServerAddress <IP>
        $InputTCPServerRun <PORT>

UDP example:

        $ModLoad imudp.so
        $UDPServerAddress <IP>
        $UDPServerRun <PORT>

<IP>: the IP address of the interface for rsyslogd to listen on. If no address is given, the daemon listens on all interfaces.

<PORT>: the port for rsyslogd to listen on. Select a privileged port below 1024. The default is 514.

Step 8: To save the changes, press Esc, type :wq! and press Enter.

Step 9: Restart the rsyslog service and check that it is running:

        systemctl restart rsyslog.service

        systemctl status rsyslog.service
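The edit-validate-restart sequence of Steps 2 to 9, scripted end to end. This is an added example, not tooling from Seceon or SUSE. It assumes the drop-in file /etc/rsyslog.d/remote.conf named in the steps above, a placeholder CCE address (192.0.2.10, replace it with the real one), rsyslogd's own -N1 syntax check before the restart, and logger to emit a test message that should show up on the CCE.

```shell
#!/bin/sh
# Added example (not from the original article): scripted version of Steps 2-9.
# Assumptions: CCE_IP is a constructed placeholder you must replace; CONF is the
# drop-in file the article edits.
set -eu

CCE_IP="${CCE_IP:-192.0.2.10}"      # placeholder, replace with the CCE's real address
CCE_PORT="${CCE_PORT:-514}"
CONF="${CONF:-/etc/rsyslog.d/remote.conf}"

# Build the forwarding rule in rsyslog's legacy selector syntax.
# A single "@" means UDP (what the article uses); "@@" would mean TCP.
build_forward_rule() {
    ip="$1"; port="$2"; proto="${3:-udp}"
    case "$proto" in
        udp) printf '*.* @%s:%s\n' "$ip" "$port" ;;
        tcp) printf '*.* @@%s:%s\n' "$ip" "$port" ;;
        *)   echo "unknown protocol: $proto" >&2; return 1 ;;
    esac
}

# Append the rule only if an identical line is not already present, so that
# re-running the script never makes rsyslog forward every message twice.
add_forward_rule() {
    file="$1"; rule="$2"
    if grep -qxF -- "$rule" "$file" 2>/dev/null; then
        return 0
    fi
    printf '# Remote Logging using UDP (added by setup script)\n%s\n' "$rule" >> "$file"
}

# Validate the whole configuration before touching the running daemon.
check_config() {
    rsyslogd -N1 >/dev/null 2>&1
}

main() {
    rule=$(build_forward_rule "$CCE_IP" "$CCE_PORT" udp)
    add_forward_rule "$CONF" "$rule"
    if check_config; then
        systemctl restart rsyslog.service
        systemctl status rsyslog.service --no-pager
        # Emit a message that should arrive at the CCE within seconds.
        logger -p user.notice "rsyslog forwarding test from $(hostname)"
    else
        echo "rsyslog configuration failed validation; not restarting" >&2
        exit 1
    fi
}

# Only run the procedure when explicitly requested, so the functions can be
# sourced and exercised without root or a live rsyslog.
if [ "${RUN_SETUP:-0}" = 1 ]; then
    main
fi
```

Run it as root with RUN_SETUP=1 CCE_IP=<cce address>. The script adds only the forwarding rule; it deliberately leaves the imudp/imtcp listener lines from Note 3 untouched, because those modules make this server accept syslog from the network, which forwarding to the CCE does not require.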

VERIFICATION OF CONFIGURATION

Verification can be done either from CCE Server or from UI.

Using UI

STEP 1: Log in to the UI and go to SYSTEM.

STEP 2: Open LOGS AND FLOWS COLLECTION STATUS.

STEP 3: The server's IP address appears under SOURCE DEVICE IP.


Using CCE SERVER

Run the following command on the CCE server to check whether logs are arriving from the device:

        sudo tcpdump -i any -A udp port 514 and host <IP address>
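What the capture above shows once a packet arrives is the raw syslog payload, which starts with a <PRI> prefix. The following added example (not part of the original article) decodes that prefix into the facility and severity pair so that a captured datagram can be confirmed to be a syslog message rather than unrelated traffic on the port. The sample payloads are constructed, not captured from a real system.

```shell
#!/bin/sh
# Added example (not from the original article): decode the <PRI> prefix of a
# syslog datagram as seen in tcpdump -A output. PRI = facility * 8 + severity,
# so integer division and remainder recover the two values (RFC 3164 numbering).
set -eu

# Constructed sample payload, in the shape tcpdump -A prints after the packet header.
SAMPLE='<13>Jan  1 00:00:00 suse01 root: rsyslog forwarding test from suse01'

syslog_pri_decode() {
    msg="$1"
    # A syslog payload must begin with "<digits>"; anything else is not syslog.
    case "$msg" in
        "<"[0-9]*">"*) ;;
        *) echo "not a syslog message: no <PRI> prefix" >&2; return 1 ;;
    esac
    pri=${msg#<}; pri=${pri%%>*}
    # Largest valid PRI is local7.debug = 23 * 8 + 7.
    [ "$pri" -le 191 ] || { echo "PRI out of range: $pri" >&2; return 1; }
    fac=$((pri / 8)); sev=$((pri % 8))
    # Facility names 0-23 in RFC 3164 order.
    set -- kern user mail daemon auth syslog lpr news uucp cron authpriv ftp \
           ntp audit alert clock local0 local1 local2 local3 local4 local5 local6 local7
    shift "$fac"; facname=$1
    # Severity names 0-7 in RFC 3164 order.
    set -- emerg alert crit err warning notice info debug
    shift "$sev"; sevname=$1
    printf '%s.%s\n' "$facname" "$sevname"
}

# Demo run, enabled explicitly so the function can also be sourced and tested.
if [ "${RUN_DEMO:-0}" = 1 ]; then
    syslog_pri_decode "$SAMPLE"
fi
```

A message sent with logger -p user.notice, as in the article's forwarding test, decodes to user.notice; an auth-related message such as an sshd login line typically decodes to authpriv.info. A payload with no <PRI> prefix makes the function fail, which is the quickest sign that what tcpdump captured on port 514 is not syslog.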

Seceon Inc. All rights reserved. https://www.seceon.com