I enabled both, but it did not work :(

On Tuesday, August 19, 2014 7:56 PM, James Lay <[email protected]> wrote:

On 2014-08-19 08:36, Jason Long wrote:
> Hello all.
> I want to collect Windows log via Snare and forward them to my
> Rsyslog linux server but I have some problem :
>
> Windows generate log properly and I test it via Event log and Snare.
> I installed Snare on Windows and in "Network configuration" I set my
> linux syslog server IP and change port to 514.
>
> on linux box, I turn off "iptables" service and add following rules to
> /etc/sysconfig/iptables :
>
> -A INPUT -m state --state NEW -m udp -p udp --dport 514 -j ACCEPT
> -A INPUT -m state --state NEW -m tcp -p tcp --dport 514 -j ACCEPT
>
> I also add this entry to "rsyslog.conf" :
>
> local5.* /var/log/winlog/win.log
>
> SYSLOGD_OPTIONS = "-r -m 0"
>
> $AllowedSender UDP, <my client IP>
>
> Can you tell me what is wrong?

You'll need to load the modules in rsyslog.conf:

# provides UDP syslog reception
$ModLoad imudp
$UDPServerRun 514

# provides TCP syslog reception
$ModLoad imtcp
$InputTCPServerRun 514

James
_______________________________________________
rsyslog mailing list
http://lists.adiscon.net/mailman/listinfo/rsyslog
http://www.rsyslog.com/professional-services/
What's up with rsyslog? Follow https://twitter.com/rgerhards
NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad of sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you DON'T LIKE THAT.
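
Added example, not part of the thread: once the imudp/imtcp listeners are loaded, the rule `local5.*` still only matches frames whose `<PRI>` field carries facility local5, so this sketch decodes the PRI of a received syslog frame and exercises it over a loopback UDP socket. The function names, the sample message text and the labels used for facility codes 12 to 15 are assumptions made for the illustration.

```python
import socket

# Facility and severity names indexed by their syslog numeric codes.
FACILITIES = ["kern", "user", "mail", "daemon", "auth", "syslog", "lpr", "news",
              "uucp", "cron", "authpriv", "ftp", "ntp", "audit", "alert", "clock",
              "local0", "local1", "local2", "local3",
              "local4", "local5", "local6", "local7"]
SEVERITIES = ["emerg", "alert", "crit", "err", "warning", "notice", "info", "debug"]


def decode_pri(datagram: bytes):
    """Return (facility, severity, rest) or None when no valid <PRI> is present."""
    end = datagram.find(b">")
    if not datagram.startswith(b"<") or not 1 < end <= 4:
        return None
    digits = datagram[1:end]
    if not digits.isdigit() or int(digits) > 191:  # 23 * 8 + 7 is the maximum
        return None
    pri = int(digits)
    rest = datagram[end + 1:].decode("utf-8", errors="replace")
    return FACILITIES[pri >> 3], SEVERITIES[pri & 7], rest


def encode(facility: str, severity: str, msg: str) -> bytes:
    """Build a minimal frame: PRI = facility * 8 + severity."""
    pri = FACILITIES.index(facility) * 8 + SEVERITIES.index(severity)
    return f"<{pri}>{msg}".encode()


def loopback_check(facility="local5", severity="info"):
    """Send one constructed frame over UDP on 127.0.0.1 and decode what arrives."""
    rx = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    rx.bind(("127.0.0.1", 0))  # ephemeral port, so no root is needed
    rx.settimeout(2)
    tx = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    try:
        # Constructed sample payload, not real Snare output.
        tx.sendto(encode(facility, severity, "winhost constructed test event"),
                  rx.getsockname())
        data, _ = rx.recvfrom(4096)
    finally:
        tx.close()
        rx.close()
    return decode_pri(data)


if __name__ == "__main__":
    print(loopback_check())
```

Running `decode_pri` on a datagram captured on the rsyslog host shows whether the sender's facility is the one the file rule selects.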

