Syslog Server
Hello, I have a CentOS 7.6.1810 and I need to create a syslog server that receives syslog messages from a remote source and forwards those logs to a remote server, but does not send its own logs.
For example, I have this scenario:
A. Remote Syslog source (10.10.10.1)
B. Syslog Server (CentOs) (10.10.10.2)
C. Remote SIEM (20.20.20.1)
So, I need "B" to receive the logs from "A" and forward the logs from "A" to "C", but without sending its own logs ("B").
Can someone help me? I have very basic knowledge of Linux.
Re: Syslog Server
Is forwarding the only thing that B does, or does it log (A's messages) too?
Package rsyslog provides rsyslog.service. Documentation can be read with:
Code:
man rsyslogd
man rsyslog.conf
and http://www.rsyslog.com/doc
I have no idea whether rsyslog's rules can filter/forward as you want.
Re: Syslog Server
CentOS 7.6.1810 is out of date; you may want to run yum update to get 7.8.2003.
Re: Syslog Server
jlehtone wrote: ↑2020/09/15 11:51:26
Is forwarding the only thing that B does, or does it log (A's messages) too?
Package rsyslog provides rsyslog.service. Documentation can be read with:
Code:
man rsyslogd
man rsyslog.conf
and http://www.rsyslog.com/doc
I have no idea whether rsyslog's rules can filter/forward as you want.
Just forwarding A's messages; B's own messages, I don't need it to send them to any destination.
Re: Syslog Server
Because A needs to send his messages to three destinations, but he only has the ability to send them to one. That's why the syslog server (B) was put in the middle.
Well that's another way, but I don't know how to do it either, as I said in the original post, I have very little knowledge of Linux.
Re: Syslog Server
Okay, so the initial description did omit that A has to send to C, D, and E, but can only reach B.
The B should thus send (everything received from A) forward to C, D, and E.
If A could send everything in three copies to three different ports on B, then B could forward each port to a different destination (C, D, E).
That assumes that A can do that.
If A sends to rsyslogd of B, then rsyslogd has to send to the other three servers. I presume that the documentation of rsyslog does explain that.
An additional point is that the firewall of B must allow A to connect. CentOS does use FirewallD by default.
https://access.redhat.com/documentation ... _firewalls
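A worked rsyslog configuration for B along the lines jlehtone describes (everything received from A relayed onward, B's own logs untouched), added here as an example; it was not posted by anyone in this thread and is not taken from the rsyslog documentation. It assumes rsyslog 8 as shipped with CentOS 7, that A sends on UDP or TCP port 514, and uses the thread's addresses for A (10.10.10.1) and C (20.20.20.1); the addresses of D and E are placeholders, as is the file name.

```conf
# /etc/rsyslog.d/10-relay.conf  (constructed example; file name is assumed)
# Receive from A on UDP and TCP 514.
module(load="imudp")
module(load="imtcp")

# A dedicated ruleset: messages that enter here never touch the file rules
# in /etc/rsyslog.conf, and B's own local messages never enter it, so only
# A's messages are forwarded and none of B's are.
ruleset(name="relay_from_A") {
    # Relay only what genuinely arrived from A; drop anything else that
    # reaches the listener (e.g. a stray host on the same network).
    if ($fromhost-ip == "10.10.10.1") then {
        # C: the SIEM from the thread. Disk-assisted queue and unlimited
        # retries so a SIEM outage does not drop or block A's messages.
        action(type="omfwd" target="20.20.20.1" port="514" protocol="tcp"
               action.resumeRetryCount="-1"
               queue.type="LinkedList" queue.filename="relay_to_C"
               queue.saveOnShutdown="on")
        # D and E: placeholder addresses, replace with the real SIEMs.
        action(type="omfwd" target="D_ADDRESS" port="514" protocol="tcp"
               action.resumeRetryCount="-1"
               queue.type="LinkedList" queue.filename="relay_to_D"
               queue.saveOnShutdown="on")
        action(type="omfwd" target="E_ADDRESS" port="514" protocol="tcp"
               action.resumeRetryCount="-1"
               queue.type="LinkedList" queue.filename="relay_to_E"
               queue.saveOnShutdown="on")
    }
    # Nothing further: A's messages are not written to /var/log on B.
    stop
}

# Bind both listeners to the relay ruleset instead of the default one.
input(type="imudp" port="514" ruleset="relay_from_A")
input(type="imtcp" port="514" ruleset="relay_from_A")
```

Save it under /etc/rsyslog.d/, check the syntax with rsyslogd -N1, then systemctl restart rsyslog. The queue.filename entries rely on the $WorkDirectory /var/lib/rsyslog that the stock CentOS 7 rsyslog.conf already sets. The firewall point from the post above becomes, on B, firewall-cmd --permanent --add-port=514/udp and --add-port=514/tcp followed by firewall-cmd --reload; if A only uses one protocol, open only that one. If B should also keep a local copy of A's messages for troubleshooting, add an omfile action inside the ruleset before the stop line.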