Hello all.
I want to collect Windows logs via Snare and forward them to my Rsyslog Linux 
server, but I have some problems:

Windows generates logs properly, and I tested it via Event Log and Snare. I 
installed Snare on Windows, and in "Network configuration" I set my Linux syslog 
server IP and changed the port to 514.

On the Linux box, I turned off the "iptables" service and added the following rules to 
/etc/sysconfig/iptables:

-A INPUT -m state --state NEW -m udp -p udp --dport 514 -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 514 -j ACCEPT

I also added these entries to "rsyslog.conf":

local5.*         /var/log/winlog/win.log

SYSLOGD_OPTIONS = "-r -m 0"

$AllowedSender  UDP, <my client IP>

Can you tell me what is wrong?
_______________________________________________
rsyslog mailing list
http://lists.adiscon.net/mailman/listinfo/rsyslog