Configure RSyslog for Sophos UTM

Hi All,

We need to configure an RSyslog server running on RHEL 6.4, which will pull the logs from the Sophos UTM; then we will store these logs on Amazon S3.

It would be great if someone could give me a step-by-step guide sort of thing for configuring the RSyslog server to work with Sophos UTM.

The whole environment is running on the Amazon cloud.

Regards,
Balaji.


  • Hi, what are you looking for exactly? 

    If you have rsyslog running and listening on tcp/udp port 514, then it is ready to receive. 
    You can create rules as to where to file the logs, e.g.


    # do this in FRONT of the local/regular rules
    $Template tpl,"/var/log/syslog/%fromhost-ip%/%fromhost-ip%_%$YEAR%-%$MONTH%-%$DAY%.log"
    if $fromhost-ip != '127.0.0.1' then -?tpl
    & ~


    Barry
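
The receiving side that the answer above assumes, written out as an added example that is not part of the original thread: a legacy-syntax `/etc/rsyslog.conf` fragment that opens the UDP and TCP listeners on port 514, restricts who may send, and then applies the per-host filing rule. The address `10.0.0.10` is a constructed placeholder for the UTM's IP.

```conf
# /etc/rsyslog.conf fragment (legacy directive syntax).
# Place it in FRONT of the local/regular rules.

# Load the network input modules
$ModLoad imudp
$ModLoad imtcp

# Accept syslog only from localhost and the UTM.
# 10.0.0.10 is a constructed placeholder, replace it with the UTM's address.
$AllowedSender UDP, 127.0.0.1, 10.0.0.10
$AllowedSender TCP, 127.0.0.1, 10.0.0.10

# Listen on port 514 for both transports
$UDPServerRun 514
$InputTCPServerRun 514

# Dynamic file name: one directory per sending host, one file per day
$template tpl,"/var/log/syslog/%fromhost-ip%/%fromhost-ip%_%$YEAR%-%$MONTH%-%$DAY%.log"

# Write every message that did not originate locally to the per-host file,
# then discard it so it does not also end up in the local log files
if $fromhost-ip != '127.0.0.1' then -?tpl
& ~
```

Port 514 also has to be reachable from the UTM through the host firewall and the instance's security group, limited to the UTM's address.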