This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Accept
Reject
ABOUT CHECKMATES & FAQ
Create a Post
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Help
Abeja_huhuhu
Contributor
‎2018-12-11 04:18 PM

How to configure sending logs to external syslog server from specific originating ip

Hi Guys,

i have some question. We has been requested to send gateway logs to externally manage syslog server. Currently this syslog server can only be connected thru site-to-site VPN which is handle by the same firewall gateway. So far we can see that the syslog traffic has been send from the firewall gateway to the syslog server. However, the syslogs traffic is originating from the firewall gateway public IP cluster interface. which is causing the traffic is not sent through the vpn tunnel. What i'm trying to find now is:

1. is it possible to specify the syslog traffic to be originating from specific firewall interface instead of the external interface ip?

2. is there any suggested way to send firewall gateway logs from the firewall gateway itself to externally manage syslog server?

just for your information. we are currently using R80.10

1 Reply
Prabulingam_N1
Advisor
‎2018-12-11 10:21 PM

Hi Abeja,

You can configure Management server to send the logs towards Syslog Server even in S2S tunnel rather sending from Firewall.

You can either use OPSEC or LogExporter and configure in Management Server.

So when this pass thru S2S no NAT take place.

S2S rule can have Source as Mgmt server & Destination as Syslog Server.

Probably you can use Logexporter (sk122323) method for Syslog format which is much easier to configure and no need of SIC between them.

Regards, Prabu

Labels