SMP Portal configuring remote syslog hosts

John_Fleming — Mon, 17 Feb 2020 09:11:17 GMT

So this seems.. odd.. I signed up my 1550 into the SMP portal, which i'm not sure if i'm digging so far but thats another story.

I was poking around in syslog configuration and ran across this.

$ModLoad imuxsock.so
$LocalHostName |stuff|
$DefaultNetstreamDriverCAFile /opt/fw1/bin/ca-bundle.crt
$ActionSendStreamDriver ossl
$ActionSendStreamDriverMode 1
$ActionSendStreamDriverAuthMode x509/name
$ActionSendStreamDriverPermittedPeer *.Syslog
$template format,"%$YEAR% %timegenerated% %HOSTNAME% %syslogfacility-text%.%syslogpriority-text% %programname%: %msg%\n"
$outchannel msg_rotation,/var/log/messages, 204800,/pfrm2.0/bin/log_gzip.sh /var/log/messages
$outchannel ntf_rotation,/logs/notifications, 204800,/pfrm2.0/bin/log_gzip.sh /logs/notifications
*.info;mail.!* :omfile:$msg_rotation;format
mail.info :omfile:$ntf_rotation;format
*.info;mail.!* @mysyslogserver:514
*.info;mail.!* @209.87.212.13:514
*.info;mail.!* @209.87.212.16:514
*.info;mail.!* @209.87.212.14:514
*.info;mail.!* @209.87.212.15:514
*.info;mail.!* @209.87.222.192:514

I never configured the firewall to send syslog events to those addresses. I get the need for logs but OS logs? Again maybe its part of SMP and thats fine I guess.. but udp syslog? That just seems a bit strange. I sure hope there is some dynamic filtering going on and that those addresses aren't just open to the public at large.

Re: SMP Portal configuring remote syslog hosts

John_Fleming — Mon, 17 Feb 2020 15:27:06 GMT

oh and.. uh.. the default gaia web portal is enabled on those. Again seems.. um.. strange.

topic Re: SMP Portal configuring remote syslog hosts in Spark Firewall (SMB)

SMP Portal configuring remote syslog hosts

Re: SMP Portal configuring remote syslog hosts