Syslog aggregation


Kirk McCann

Apr 10, 2016, 2:52:39 AM4/10/16
to enterprise-log-search-and-archive
I am trying to get all my system logs sent to ELSA, which is built into Security Onion.
I have a system set to send logs to the sec onion IP.
I have allowed the ip in the sec onion firewall.

However I do not see the system connecting to sec onion when I run a netstat -n | grep 514.

Any assistance would be appreciated.

Thanks,
Kirk

Kevin Wilcox

Apr 10, 2016, 7:14:12 AM4/10/16
to enterprise-log-s...@googlegroups.com

On Sunday, 10 April 2016, Kirk McCann <kirk....@gmail.com> wrote:

> I am trying get all my system logs sent to elsa which is built in to security onion.
> I have a system set to send logs to the ip of the sec onion ip.
> I have allowed the ip in the sec onion firewall.
>
> However I do not see the system connecting to sec onion when I run a netstat -n | grep 514.

Do you see the outbound connection attempt from the sender?

Is there a firewall or router ACL that may stop it?

Did you append the rule to allow 514 or insert it (or did you do it through ufw)?

kmw

Kirk McCann

Sep 8, 2016, 6:11:49 AM9/8/16
to enterprise-log-search-and-archive
Thanks, I just needed to add the firewall rule. Iptables was significantly different than just the basic iptables setup.
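Kevin's append-versus-insert question and Kirk's fix both come down to rule order in the INPUT chain: a rule appended with -A lands after any catch-all REJECT/DROP and is never reached. The following is an added example, not code from this thread or from Security Onion or ELSA. It reads the output of `iptables -L INPUT -n --line-numbers` from stdin, walks the chain in order and reports whether a packet to the syslog port reaches an ACCEPT, is shadowed by an earlier catch-all block, or falls through to the chain policy. The function name, the port argument and the two sample rule sets (including the 10.0.0.5 sender address) are constructed for the example.

```shell
#!/bin/sh
# Added example, not from the thread or from Security Onion: given the output of
#   iptables -L INPUT -n --line-numbers
# on stdin, walk the INPUT chain in order and report whether a packet to the
# syslog port reaches an ACCEPT, hits an earlier catch-all REJECT/DROP (the
# symptom of appending with -A instead of inserting with -I), or falls through
# to the chain policy. Exit status: 0 reachable, 1 blocked, 2 no rule (policy DROP).
# The function name, the port argument and the sample addresses are assumptions.

check_syslog_rule() {
    port="${1:-514}"
    awk -v port="$port" '
        /^Chain/ {                      # remember the chain policy for the fall-through case
            if (match($0, /policy [A-Z]+/)) policy = substr($0, RSTART + 7, RLENGTH - 7)
            next
        }
        /^num/ || NF == 0 { next }      # column header and blank lines
        done { next }                   # verdict already reached; ignore later rules
        {
            num = $1; target = $2; proto = $3; src = $5
            # a rule that names our port decides immediately
            if (($0 " ") ~ ("dpt:" port "[^0-9]")) {
                if (target == "ACCEPT") {
                    msg = "ACCEPT for " proto " port " port " at rule " num " (source " src ")"; rc = 0; done = 1; next
                }
                if (target == "DROP" || target == "REJECT") {
                    msg = "port " port " explicitly blocked by rule " num; rc = 1; done = 1; next
                }
            }
            # a catch-all block with no port or state qualifier ends evaluation for new syslog packets
            if ((target == "DROP" || target == "REJECT") && proto == "all" && $0 !~ /dpt:|state|ctstate/) {
                msg = "port " port " shadowed by catch-all " target " at rule " num; rc = 1; done = 1; next
            }
        }
        END {
            if (!done) {
                msg = "no rule for port " port "; chain policy " policy " applies"
                rc = (policy == "ACCEPT") ? 0 : 2
            }
            print msg
            exit rc
        }
    '
}

# Constructed samples: the same rules, with the syslog ACCEPT before and after the catch-all REJECT.
GOOD_INPUT='Chain INPUT (policy DROP)
num  target     prot opt source               destination
1    ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0            state RELATED,ESTABLISHED
2    ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0            tcp dpt:22
3    ACCEPT     udp  --  10.0.0.5             0.0.0.0/0            udp dpt:514
4    REJECT     all  --  0.0.0.0/0            0.0.0.0/0            reject-with icmp-port-unreachable'

SHADOWED_INPUT='Chain INPUT (policy DROP)
num  target     prot opt source               destination
1    ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0            state RELATED,ESTABLISHED
2    ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0            tcp dpt:22
3    REJECT     all  --  0.0.0.0/0            0.0.0.0/0            reject-with icmp-port-unreachable
4    ACCEPT     udp  --  10.0.0.5             0.0.0.0/0            udp dpt:514'

for sample in "$GOOD_INPUT" "$SHADOWED_INPUT"; do
    if printf '%s\n' "$sample" | check_syslog_rule 514; then
        echo "-> syslog from that sender will be accepted"
    else
        echo "-> syslog will not arrive (exit status $?)"
    fi
done
```

On a live host, pipe `iptables -L INPUT -n --line-numbers | check_syslog_rule 514` instead of the samples. On a ufw-managed box such as Security Onion the user rules live in ufw's own chains (ufw-user-input) rather than directly in INPUT, so dump that chain; the ordering logic is the same. Pair this with `netstat -an | grep 514` on the sender, which shows the outbound attempt Kevin asks about, since a UDP sender never "connects" and will show nothing on the receiver side until a datagram actually passes the firewall.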

Doug Burks

Sep 8, 2016, 6:28:23 AM9/8/16
to enterprise-log-s...@googlegroups.com
On Thu, Sep 8, 2016 at 6:11 AM, Kirk McCann <kirk....@gmail.com> wrote:
> Thanks I just needed to add the firewall rule. Iptables was significantly different than just the basic iptables setup.

Hi Kirk,

For more information, please see the Firewall page on our Security Onion wiki:
https://github.com/Security-Onion-Solutions/security-onion/wiki/Firewall


--
Doug Burks