-
Notifications
You must be signed in to change notification settings - Fork 523
Syslog
From https://syslog-ng.org:
syslog-ng allows you to flexibly collect, parse, classify, and correlate logs from across your infrastructure and store or route them to log analysis tools.
Security Onion uses syslog-ng as its primary syslog collector and to send logs to ELSA.
syslog-ng's configuration file is located at /etc/syslog-ng/syslog-ng.conf
Syslog-ng can be integrated with third-party systems to forward Bro, OSSEC, or IDS alerts.
For more information about syslog-ng, please see:
https://syslog-ng.org/
syslog-ng listens on port 514 (TCP and UDP) for incoming syslog from other devices (you may need to run so-allow to allow traffic from the IP address of your syslog sender). This gives you basic log collection. If you'd like those logs collected from other devices to be analyzed, another option is to configure OSSEC to receive syslog directly on a port other than the syslog-ng port of 514:
http://ossec-docs.readthedocs.org/en/latest/syntax/head_ossec_config.remote.html
http://www.ossec.net/ossec-docs/OSSEC-book-ch3.pdf
- Introduction
- Use Cases
- Hardware Requirements
- Release Notes
- Download/Install
- Booting Issues
- After Installation
- UTC and Time Zones
- Services
- VirtualBox Walkthrough
- VMWare Walkthrough
- Videos
- Architecture
- Cheat Sheet
- Conference
- Elastic Stack
- Elastic Architecture
- Elasticsearch
- Logstash
- Kibana
- ElastAlert
- Curator
- FreqServer
- DomainStats
- Docker
- Redis
- Data Fields
- Beats
- Pre-Releases
- ELSA to Elastic
- Network Configuration
- Proxy Configuration
- Firewall/Hardening
- Email Configuration
- Integrating with other systems
- Changing IP Addresses
- NTP
- Managing Alerts
- Managing Rules
- Adding Local Rules
- Disabling Processes
- Filtering with BPF
- Adjusting PF_RING for traffic
- MySQL Tuning
- Adding a new disk
- High Performance Tuning
- Trimming PCAPs