Syslog-ng is the native and recommended logging service for Zorp. Its configuration is stored in the /etc/syslog-ng/syslog-ng.conf file.
For more detailed information and instructions on system logging, see chapter Syslog-ng, the Syslog reference manual accessible from Appendix A, and the installed manual pages for both syslog-ng (the utility) and syslog-ng.conf (the configuration file).
After editing and saving the syslog-ng.conf file manually, restart the service by running the /etc/init.d/syslog-ng script with the restart or reload argument. The default syslog-ng configuration under Zorp routes all relevant system, ISC BIND 9 and NTP messages to the /var/log/messages file and also to the console, /dev/tty8.
If you have a separate, central syslog-ng server for collecting messages from critical network hosts, such as the firewall(s), you can route (log) messages using the following steps.
Set up a new destination of TCP or UDP type, with the IP address of your syslog-ng server, in syslog-ng.conf on the firewall.
Example 10.1. Specifying the target IP address of a TCP destination
The IP address of the syslog-ng server is 10.20.30.40 in this example.
destination d_tcp { tcp("10.20.30.40" port(1999) localport(999)); };
Driver options such as port() and localport() are separated by whitespace, not semicolons. Supplying port information is optional; if the port number is not set, the default ports are used.
Decide which sources (s1 and s2 here) should be logged to the syslog-ng server and set up a log path accordingly. The filter is optional.
log { source(s1); source(s2); filter(f1); destination(d_tcp); };
Define a source on the syslog-ng server with the IP address of the firewall sending log messages.
Note: Specify the port numbers carefully. The port used by the destination on the firewall must match the port the source listens on at the syslog-ng server.
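As an added example, not taken from the Zorp documentation, the two fragments below show both sides of the setup described in the steps above: the destination and log path on the firewall, and the matching listening source, sender filter and file destination on the central server at 10.20.30.40. The source and filter names, the firewall address 10.20.30.1, the auth-only filter and the log file path are assumptions chosen for the example.

```conf
# ---------- firewall side: /etc/syslog-ng/syslog-ng.conf (fragment) ----------
# Local messages from the system log socket plus syslog-ng's own messages.
source s_local { system(); internal(); };

# Optional filter: forward only authentication-related messages (assumption).
filter f_auth { facility(auth, authpriv); };

# Central server 10.20.30.40 (from Example 10.1); port(1999) must match the
# port the server's source listens on. localport(999) is the sender-side port.
destination d_central { tcp("10.20.30.40" port(1999) localport(999)); };

log { source(s_local); filter(f_auth); destination(d_central); };

# ---------- central server side: /etc/syslog-ng/syslog-ng.conf (fragment) ----------
# Keep the hostname sent by the firewall so ${HOST} names the originating host.
options { keep_hostname(yes); };

# Listen on the same TCP port the firewall's destination sends to.
source s_fw { tcp(ip("0.0.0.0") port(1999)); };

# Accept only messages arriving from the firewall's address (10.20.30.1 is a
# hypothetical firewall address; replace it with the real one).
filter f_from_fw { netmask("10.20.30.1/32"); };

# One file per sending host, directories created as needed.
destination d_fw_file { file("/var/log/remote/${HOST}.log" create_dirs(yes)); };

log { source(s_fw); filter(f_from_fw); destination(d_fw_file); };
```

Run syslog-ng -s on each host after editing to syntax-check the configuration before restarting the service.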
Published on May 30, 2024
© BalaSys IT Ltd.
Send your comments to support@balasys.hu