Syslog Server

Support for security such as Firewalls and securing linux
zamoralan
Posts: 1
Joined: 2020/09/14 15:51:04

Syslog Server

Post by zamoralan » 2020/09/14 16:11:06

Hello, I have CentOS 7.6.1810 and I need to create a syslog server that receives syslog messages from a remote source and forwards its logs to a remote server, but does not send its own logs.

For example, I have this scenario:

A. Remote Syslog source (10.10.10.1)
B. Syslog Server (CentOS) (10.10.10.2)
C. Remote SIEM (20.20.20.1)

So, I need "B" to receive the logs from "A" and forward the logs from "A" to "C", but without sending its own logs ("B").

Can someone help me? I have very basic knowledge of Linux.

jlehtone
Posts: 3021
Joined: 2007/12/11 08:17:33
Location: Finland

Re: Syslog Server

Post by jlehtone » 2020/09/15 11:51:26

Is forwarding the only thing that B does, or does it log (A's messages) too?

Package rsyslog provides rsyslog.service. Documentation can be read with:

man rsyslogd
man rsyslog.conf
and http://www.rsyslog.com/doc

I have no idea whether rsyslog's rules can filter/forward as you want.
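
One way to express the relay asked about in this thread with rsyslog rulesets, as an added example that is not from any of the posters. The file name, UDP as the transport, and port 514 on both the listener and the SIEM are assumptions; the addresses are the ones from the question.

```conf
# /etc/rsyslog.d/relay.conf   (file name is an assumption)
# Assumed: A (10.10.10.1) sends over UDP/514 and the SIEM (20.20.20.1)
# accepts UDP/514. Adjust protocol/port to what the devices really use.
#
# Leave the stock "$ModLoad imudp" / "$UDPServerRun 514" lines in
# /etc/rsyslog.conf commented out so the listener is defined only here.

module(load="imudp")

# Everything received on this listener is handed to the "relay" ruleset
# and never enters the default ruleset. B's own messages (journal, local
# socket) stay in the default ruleset, which has no forwarding action,
# so they are not sent to the SIEM.
input(type="imudp" port="514" ruleset="relay")

ruleset(name="relay") {
    # Forward only messages whose sender is A; other senders are ignored.
    if $fromhost-ip == '10.10.10.1' then {
        action(type="omfwd"
               target="20.20.20.1"
               port="514"
               protocol="udp")
    }
    # No file action here, so B does not store A's messages locally.
    # Add an omfile action inside this ruleset if a local copy is wanted.
}
```

The syntax can be checked with `rsyslogd -N1` before restarting rsyslog.service, and the listener port must be allowed through the firewall on B.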

tunk
Posts: 760
Joined: 2017/02/22 15:08:17

Re: Syslog Server

Post by tunk » 2020/09/15 15:15:37

CentOS 7.6.1810 is out of date; you may want to run yum update to get 7.8.2003.
