jfmoral
Participant

Send Radware syslog messages to Smart Event

Hi.

Does anyone know how I can see syslog messages sent by Radware DDoS appliances in SmartEvent?

I've already configured syslog on the Radware appliances, and I selected "Accept syslog messages" in the SmartEvent configuration.

Do I have to configure something special to receive syslog messages?

 

Thanks in advance.

SmartEvent Smart-1 Appliances 

0 Kudos
9 Replies
the_rock
Champion

I'm not personally aware of any special config. Is there communication back and forth?

 

Andy

0 Kudos
jfmoral
Participant

Yes, I created a special rule to permit traffic between Radware appliances and SmartEvent.

I don't see any syslog traffic.

0 Kudos
the_rock
Champion

Can you run zdebug on the fw to see if traffic is getting dropped?

0 Kudos
PhoneBoy
Admin

0 Kudos
jfmoral
Participant

The DDoS appliances were implemented by a Radware engineer. Those appliances are working correctly and don't have an Analytics license, which is why the customer wants to send the syslog messages to SmartEvent.

0 Kudos
the_rock
Champion

If I were you, I would do some captures on the firewall to make sure that's not blocking this traffic.

0 Kudos
jfmoral
Participant

Yes, tomorrow I will capture traffic.

I'll share the results with you.

the_rock
Champion

Here are the commands I would run. Say the Radware IP is 10.10.10.100; I would run the commands below:

tcpdump -nni any host 10.10.10.100

fw monitor -e "accept host(10.10.10.100);"

fw monitor -F '10.10.10.100,0,0,0,0' -F '0,0,10.10.10.100,0,0'

fw ctl zdebug + drop | grep 10.10.10.100

Andy

0 Kudos
_Val_
Admin

In addition to what PhoneBoy said, you may want to look into sk55020 as well

0 Kudos