Abeja_huhuhu
Contributor

How to configure sending logs to external syslog server from specific originating IP

Hi Guys,

I have a question. We have been requested to send gateway logs to an externally managed syslog server. Currently this syslog server can only be reached through a site-to-site VPN, which is handled by the same firewall gateway. So far we can see that the syslog traffic has been sent from the firewall gateway to the syslog server. However, the syslog traffic is originating from the firewall gateway public IP cluster interface, which is causing the traffic not to be sent through the VPN tunnel. What I'm trying to find out now is:

1. Is it possible to specify that the syslog traffic originates from a specific firewall interface instead of the external interface IP?

2. Is there any suggested way to send firewall gateway logs from the firewall gateway itself to an externally managed syslog server?

Just for your information, we are currently using R80.10.

1 Reply
Prabulingam_N1
Advisor

Hi Abeja,

You can configure the Management server to send the logs towards the Syslog Server, even in the S2S tunnel, rather than sending from the Firewall.

You can either use OPSEC or LogExporter and configure it in the Management Server.

So when this passes through the S2S, no NAT takes place.

The S2S rule can have the Source as the Mgmt server & the Destination as the Syslog Server.

Probably you can use the LogExporter (sk122323) method for Syslog format, which is much easier to configure and has no need of SIC between them.

Regards, Prabu
