Logging to Syslog Server


This topic contains 5 replies, has 0 voices, and was last updated by  redtdi 2 years, 3 months ago.

  • Author
    Posts
  • #41657

    redtdi
    Member

    Is it possible to log ZeroShell events to a remote syslog server?

    Thanks,
    Ken

    #48057

    imported_fulvio
    Participant

    Zeroshell is able to act either as syslog collector for other hosts or syslog client. To configure the syslog daemon to send the messages to an external syslog server just use the link [Logs][Configure]:

    – enable the flag [Send logs to remote Syslog];

    – specify the [Remote Syslog IP].

    Regards
    Fulvio

    #48058

    Dongl
    Member

    Hello

    I’m really new to this forum and need help to make a successful configuration to syslog the Proxy Log.

    What I did is…
    HTTP Proxy / Proxy Log / Logviewer / Logmanager Setup
    and made the following settings..
    crossing / Send logs to remote Syslog / type the IP of my Syslog Server.
    Both devices are in the same network range.

    The Syslog Server runs on a Synology, and receives logs from different devices.

    My version is ZS 3.3.2
    Hope somebody has an idea, to make me lucky 😉

    greetings
    Dongl

    #48059

    Dongl
    Member

    Not really big traffic at this topic and forum…

    Can anyone help me to get logs to my Synology Syslog Server?

    I see on my Zeroshell some traffic over port 514 but my Synology receives nothing; if I test my Synology with other clients, it works.
    So please help me to find a solution.

    Dongl

    #48060

    julowe
    Participant

    Dongl – I’m not familiar with synology syslog, but I was just toying with Zeroshell’s syslog so thought I would add some info in case it helps you.

    Zeroshell’s version of syslog does not seem able to send messages over TCP (haven’t poked at it enough yet to verify for sure), so that might be your problem. My system was initially only set to receive TCP.

    Also, if possible, run netcat on your Synology server and see if any messages are coming through from Zeroshell (or some other way to do packet sniffing on your network):

    nc -lu -p 514

    This showed that Zeroshell was indeed broadcasting messages for me.
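The receiving-side check julowe describes can also be done with a small UDP listener that shows the sender address and decodes the syslog priority of each datagram. This is an added example, not part of julowe's post or of Zeroshell; the function names and the sample message are constructed for illustration.

```python
import socket

FACILITIES = ("kern user mail daemon auth syslog lpr news uucp cron authpriv ftp "
              "ntp audit alert clock local0 local1 local2 local3 local4 local5 "
              "local6 local7").split()
SEVERITIES = "emerg alert crit err warning notice info debug".split()

# Constructed sample datagram (not captured from a real Zeroshell box).
SAMPLE = b"<30>Jan  1 00:00:00 zeroshell proxy: constructed test line"

def parse_pri(datagram):
    """Split a BSD-syslog datagram into (facility, severity, message).
    Returns None when the datagram has no valid <PRI> header."""
    text = datagram.decode("utf-8", errors="replace")
    end = text.find(">", 1, 5)              # <PRI> holds at most 3 digits
    if not text.startswith("<") or end == -1 or not text[1:end].isdecimal():
        return None
    pri = int(text[1:end])
    if pri > 191:                           # highest facility 23 * 8 + severity 7
        return None
    return FACILITIES[pri >> 3], SEVERITIES[pri & 7], text[end + 1:].rstrip()

def open_listener(bind_addr="0.0.0.0", port=514):
    """Bind a UDP socket; port 514 normally requires root."""
    sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    sock.bind((bind_addr, port))
    return sock

def collect(sock, count=5, timeout=30.0, only_from=None):
    """Return up to `count` (sender_ip, parsed) pairs.
    Stops early if no datagram arrives within `timeout` seconds."""
    seen = []
    sock.settimeout(timeout)
    try:
        while len(seen) < count:
            data, (src, _sport) = sock.recvfrom(8192)
            if only_from is None or src == only_from:
                seen.append((src, parse_pri(data)))
    except socket.timeout:
        pass
    return seen

if __name__ == "__main__":
    with open_listener() as s:
        for src, parsed in collect(s):
            print(src, parsed)
```

An empty result means nothing reached the socket within the timeout; a `None` in place of the parsed tuple means a datagram arrived but did not start with a valid syslog priority.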

    #48061

    Dongl
    Member

    Hello again,

    the Zeroshell is still running, but I still have troubles with Syslog,

    I can see in the CNTop window the following entry:

    udp 192.168.100.14 514 192.168.100.217 514 3.22 MB 0.00 B 18.35 Kb/s
    at Connection Tracking:

    udp 17 29 src=192.168.100.14 dst=192.168.100.217 sport=514 dport=514 packets=21038 bytes=4403927 [UNREPLIED] src=192.168.100.217 dst=192.168.100.14 sport=514 dport=514 packets=0 bytes=0 mark=0 use=1

    zeroshell = 192.168.100.14
    Syslog Server= 192.186.100.217

    The Syslog Server is running and receives logs from other devices as well.

    Can anyone tell me which setting I have to set?

    best regards

    Markus

    #48062

    Dongl
    Member

    I think important update….

    If I check with Wireshark at the Syslog Server, I didn’t get any Syslog packet from Zeroshell.

    So it looks like Zeroshell destroys the Syslog packets.

    Has anyone an idea what I have to do?

    BR
