Absent Member.

Please tell me how to use the syslog connector (syslog daemon)

I'm a beginner ArcSight developer.

So maybe it is a silly question, but I'd like to ask you guys to answer the questions below.

Current situation

- The ESM manager is working. (I can see other log events from the console.)

- The installation of the syslog connector is complete.

- The syslog server is running now.

- All servers are Linux OS (RedHat).

(When I wrote a log from a server that was not the syslog server, the syslog server could collect the log content.)

- I installed the connector on a connector server that is not the syslog server.

Where should I install the connector? (On the connector server, or on the syslog server?)

What are the connector setup parameters?

(Network port, IP address, protocol, forwarder)

Right now I have set the syslog parameters in the connector setup parameters.

Thank you for your cooperation.

Acclaimed Contributor.

Hi Tanaka,

Please refer to the below.

1>

Edit the /etc/syslog.conf or /etc/rsyslog.conf file and make the following entry at the end of the file to enable logging:

*.info      @loghost.mydomain.com

Configure iptables to allow log forwarding from the Linux machine using the syslog port (UDP 514).

Restart the syslog service.

2>

One syslog server to another syslog server:

Tech Tip: Enable remote logging with syslog - TechRepublic

Where should I install the connector? (Install on the connector server, or on the syslog server?)

Install on the connector server (follow 1>). Recommended.

What are the connector setup parameters?

Syslog listening IP (the Linux server IPs), or "ALL" will do.

Port: 514 (default), or whatever port is custom configured.

UDP for Unix, and TCP for any long messages & application logs.

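As an added example (not ArcSight code and not part of the reply above), the exchange that the answer sets up, run end to end on loopback: a tiny listener stands in for the SmartConnector's syslog daemon, and a sender formats messages the way syslogd/rsyslog forwards them for the "@host" (UDP) and "@@host" (TCP) forms. Ports are ephemeral instead of 514, all hostnames and messages are constructed for the demo, and the parser only handles the classic BSD (RFC 3164) layout that the *.info line above produces.

```python
"""Loopback syslog exchange: a listener standing in for the connector's syslog
daemon plus a sender that formats messages like rsyslog forwarding.
Added illustration, not ArcSight code; ports are ephemeral and every message is
constructed for the demo."""
import re
import socket
import time

# RFC 3164 facility and severity codes; PRI = facility * 8 + severity
FACILITIES = ["kern", "user", "mail", "daemon", "auth", "syslog", "lpr", "news",
              "uucp", "cron", "authpriv", "ftp", "ntp", "audit", "alert", "clock",
              "local0", "local1", "local2", "local3", "local4", "local5", "local6", "local7"]
SEVERITIES = ["emerg", "alert", "crit", "err", "warning", "notice", "info", "debug"]
PRI_RE = re.compile(r"^<(\d{1,3})>(.*)$", re.S)


def build_message(facility, severity, hostname, tag, text, ts=None):
    """Format one BSD-syslog line: <PRI>Mmm dd hh:mm:ss HOST TAG: text"""
    ts = ts or time.strftime("%b %d %H:%M:%S")
    return f"<{facility * 8 + severity}>{ts} {hostname} {tag}: {text}"


def parse_message(raw):
    """Split a BSD-syslog line into the fields a connector would map to event fields."""
    m = PRI_RE.match(raw)
    if not m:
        raise ValueError("no <PRI> header: %r" % raw[:40])
    pri = int(m.group(1))
    if pri > 191:
        raise ValueError("PRI out of range: %d" % pri)
    rest = m.group(2)
    timestamp, remainder = rest[:15], rest[16:]      # the timestamp is fixed width
    host, body = remainder.split(" ", 1)
    tag, _, text = body.partition(": ")
    return {"facility": FACILITIES[pri // 8], "severity": SEVERITIES[pri % 8],
            "timestamp": timestamp, "host": host, "tag": tag, "message": text}


def udp_roundtrip(raw, bufsize=2048):
    """'@host' form: one datagram to the listener; returns the parsed event."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as listener, \
         socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sender:
        listener.bind(("127.0.0.1", 0))        # 0 = any free port; a connector binds 514
        listener.settimeout(2)
        port = listener.getsockname()[1]
        sender.sendto(raw.encode(), ("127.0.0.1", port))
        data, _ = listener.recvfrom(bufsize)   # bytes beyond bufsize are discarded
        return parse_message(data.decode())


def tcp_roundtrip(lines):
    """'@@host' form: newline-framed messages on one stream; returns parsed events."""
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as listener, \
         socket.socket(socket.AF_INET, socket.SOCK_STREAM) as sender:
        listener.bind(("127.0.0.1", 0))
        listener.listen(1)
        sender.connect(listener.getsockname())
        conn, _ = listener.accept()
        with conn:
            conn.settimeout(2)
            sender.sendall("".join(line + "\n" for line in lines).encode())
            sender.shutdown(socket.SHUT_WR)    # EOF tells the listener we are done
            buf = b""
            while True:
                chunk = conn.recv(4096)
                if not chunk:
                    break
                buf += chunk
        return [parse_message(line) for line in buf.decode().split("\n") if line]


def udp_truncates(payload_len, bufsize):
    """Why long application logs belong on TCP: a datagram larger than the
    receiver's buffer is cut short (Linux) or rejected outright (Windows)."""
    raw = build_message(16, 6, "app01", "java", "x" * payload_len)
    try:
        event = udp_roundtrip(raw, bufsize=bufsize)
    except OSError:
        return True
    return len(event["message"]) < payload_len


if __name__ == "__main__":
    line = build_message(4, 6, "web01", "sshd[4242]", "Accepted publickey for ops from 192.0.2.7")
    print(udp_roundtrip(line))
    print(tcp_roundtrip([line, build_message(10, 3, "web01", "sudo", "auth failure")]))
    print("UDP cut a 3000-byte message:", udp_truncates(3000, 1024))
```

The listener binds an ephemeral port so the script runs unprivileged; a real connector listening on 514 needs root or a port capability, and bind() fails with "Address already in use" when another process (for example a local syslogd that is itself listening) already owns the port, which is the conflict later in this thread that was resolved by stopping the default syslog daemon.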
Absent Member.

Thank you for your reply.

I read the PDF file and found the sentence "syslogd-compatible daemon designed to work in operating systems that have no syslog daemon in their default configuration".

That means the RedHat OS can't use the syslog daemon SmartConnector, right?

If I'd like to use the syslog connector on RedHat OS, I should use the Syslog Pipe or File SmartConnector, right?

Thank you for your cooperation.

Acclaimed Contributor.

Yes, Tanaka. If it is the same server you have to use pipe or file. You can configure other syslog servers to remotely send logs to your central syslog server and deploy your connector there or on another machine.

Absent Member.

Thank you for your help.

Finally I could fix it!

I stopped the default syslog daemon.

Absent Member.

Hi Balahasan,

So as you said, if I have installed the SmartConnector on Linux 6.5 and I need to receive the Cisco switch logs on my SmartConnector, I should not install the Syslog Daemon agent on my machine. I should use pipe or file instead?

I have the SmartConnector installed on Linux 6.5 and added a Syslog Daemon connector, but still no logs are reaching the connector. Could the above statement be the reason for this issue?

Thanks,

Amar

New Member.

You need the syslog daemon since you are receiving logs from another device. Make sure that the local firewall allows your syslog port and that any network firewall allows traffic from the source device (Cisco) to the syslog daemon on the syslog port.

Established Member.

Hi Team, Greetings,

I have the same issue, and I could not see any Linux logs in my Logger web interface. The requirement is that we need to collect all the logs from RedHat Linux 5 series and 6 series machines.

First I installed the syslog daemon connector on a Windows machine.

I edited the syslog.conf file on the RedHat 5 series Linux machines and added the line #*.* @remote-host:514, replacing remote-host with my syslog SmartConnector IP address.

For the RedHat 6 series Linux machines, I edited the rsyslog.conf file and added the line #*.* @remote-host:514, replacing remote-host with my syslog SmartConnector IP address.

After that I restarted the syslog services, and iptables is also disabled. But still I cannot see the logs.

Any suggestions or screenshots for enabling syslog on RedHat Linux 5 series and 6 series would be very helpful.

New Member.

Remove the "#" from the line. That symbol comments out the line. Also ensure that any firewalls in between the device and the syslog daemon (including the local Windows firewall) have the relevant port open.

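As an added example (not ArcSight code and not part of the reply above), a small check to run against /etc/syslog.conf (RHEL 5) or /etc/rsyslog.conf (RHEL 6) before restarting the daemon. It finds forwarding rules, reports the exact mistake from the post above (a leading "#" turns the rule into a comment), and tells you whether any active rule actually points at the connector on the expected port. It understands the legacy selector form ("@host" is UDP, "@@host" is TCP, no ":port" means 514) and, going beyond the versions in the thread, the rsyslog 7+ action(type="omfwd" ...) form used on RHEL 7. The connector address 192.0.2.10 and the sample configuration are constructed for the demo.

```python
"""Lint the forwarding lines of syslog.conf / rsyslog.conf.
Added illustration, not ArcSight code; the sample config and the connector
address 192.0.2.10 are constructed for the demo."""
import re

# Legacy selector syntax shared by sysklogd (RHEL 5) and rsyslog (RHEL 6):
#   <selector>  @host[:port]    -> UDP
#   <selector>  @@host[:port]   -> TCP
# A leading '#' (one or more) turns the whole line into a comment.
LEGACY_RE = re.compile(
    r"^\s*(?P<comment>#*)\s*(?P<selector>[^\s#@]+)\s+(?P<at>@@?)"
    r"(?P<host>\[[^\]]+\]|[^\s:;]+)(?::(?P<port>\d+))?")
# rsyslog 7+ RainerScript form (RHEL 7), e.g.
#   action(type="omfwd" target="192.0.2.10" port="514" protocol="tcp")
OMFWD_RE = re.compile(r'^\s*(?P<comment>#*)\s*action\(.*?type="omfwd".*?\)', re.I)


def _option(line, name, default):
    """Pull name="value" out of an action(...) line, or return the default."""
    m = re.search(r'\b%s="([^"]*)"' % name, line)
    return m.group(1) if m else default


def parse_forwarding_rules(conf_text):
    """Return every forwarding rule (active or commented out) with its line number."""
    rules = []
    for lineno, line in enumerate(conf_text.splitlines(), 1):
        m = LEGACY_RE.match(line)
        if m:
            rules.append({"line": lineno, "active": m["comment"] == "",
                          "selector": m["selector"],
                          "proto": "tcp" if m["at"] == "@@" else "udp",
                          "host": m["host"].strip("[]"),      # [v6addr] -> v6addr
                          "port": int(m["port"] or 514)})
            continue
        m = OMFWD_RE.match(line)
        if m:
            rules.append({"line": lineno, "active": m["comment"] == "",
                          "selector": "(action)",
                          "proto": _option(line, "protocol", "udp").lower(),
                          "host": _option(line, "target", ""),
                          "port": int(_option(line, "port", "514"))})
    return rules


def diagnose(conf_text, connector_host, port=514):
    """List the problems that would stop logs reaching connector_host:port.
    An empty list means at least one active rule forwards there."""
    findings = []
    rules = parse_forwarding_rules(conf_text)
    for r in rules:
        if not r["active"] and r["host"] == connector_host:
            findings.append("line %d: the rule forwarding to %s:%d is commented out; "
                            "remove the leading '#'" % (r["line"], r["host"], r["port"]))
    hits = [r for r in rules
            if r["active"] and r["host"] == connector_host and r["port"] == port]
    if not hits:
        findings.append("no active rule forwards to %s:%d; nothing will reach the connector"
                        % (connector_host, port))
    return findings


# Constructed sample mirroring the post above: the forwarding line was added with a '#'.
BROKEN_CONF = """\
# Forward everything to the ArcSight syslog SmartConnector (constructed example)
#*.* @192.0.2.10:514
*.info;mail.none @loghost.mydomain.com
"""

if __name__ == "__main__":
    for finding in diagnose(BROKEN_CONF, "192.0.2.10"):
        print("PROBLEM:", finding)
    fixed = BROKEN_CONF.replace("#*.*", "*.*")
    print("after removing '#':", diagnose(fixed, "192.0.2.10") or "ok")
```

Once diagnose() comes back empty, the remaining suspects are the network path: on a RHEL 6 connector host, "iptables -I INPUT -p udp --dport 514 -j ACCEPT" opens the port, "logger -p user.info test-from-$(hostname)" on the client sends a known message, and "tcpdump -ni any udp port 514" on the connector host shows whether it arrives.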
Established Member.

Hi Vijay, thank you. I have removed the # and will check the firewall.

The opinions expressed above are the personal opinions of the authors, not of Micro Focus. By using this site, you accept the Terms of Use and Rules of Participation. Certain versions of content ("Material") accessible here may contain branding from Hewlett-Packard Company (now HP Inc.) and Hewlett Packard Enterprise Company. As of September 1, 2017, the Material is now offered by Micro Focus, a separately owned and operated company. Any reference to the HP and Hewlett Packard Enterprise/HPE marks is historical in nature, and the HP and Hewlett Packard Enterprise/HPE marks are the property of their respective owners.