Configuring Secure TCP syslog server

Last Updated : Jun 27, 2018

For more information about creating a self-signed certificate for the stunnel server, see http://www.stunnel.org/faq/certs.html.

Procedure

  1. Run the following command to configure the firewall to accept connections/logs on UDP port 514.
    firewall-cmd --direct --add-rule ipv4 filter INPUT 1 -i lo -p udp --dport 514 -j ACCEPT
    firewall-cmd --direct --permanent --add-rule ipv4 filter INPUT 1 -i lo -p udp --dport 514 -j ACCEPT
  2. Configure the firewall to accept connections/logs on the stunnel TCP port from the Session Manager. Assuming the syslog server can listen to stunnel port 50614 and the Session Manager has an IP address of 1.2.3.4, the following is an example of the command to configure the firewall:
    firewall-cmd --direct --add-rule ipv4 filter INPUT 1 -s 1.2.3.4 -p tcp --dport 50614 -j ACCEPT
    firewall-cmd --direct --permanent --add-rule ipv4 filter INPUT 1 -s 1.2.3.4 -p tcp --dport 50614 -j ACCEPT
  3. Redirect the tracer messages to a specific file:
    1. Open the syslog's configuration file /etc/syslog.config with your favorite editor.
    2. Add the following line to the end of the file: local2.info -/var/log/tracer.log
    3. Write the file and close it.
  4. Enable internal logging from a remote system to syslog UDP port 514:
    1. Open the file /etc/sysconfig/syslog with your favorite editor.
    2. Modify SYSLOGD_OPTIONS to include the -r flag. For example, SYSLOGD_OPTIONS="-r"
    3. Write and close the file.
    4. Run the command service syslog restart to restart the syslog service.
    5. Run the command netstat -unpl | grep 514 to verify that syslog is listening on UDP port 514.

      The output should be similar to the following; the fields to note are the local address and port (0.0.0.0:514) and the listening program (syslogd): udp 0 0.0.0.0:514 0.0.0.0:* 21907/syslogd

  5. Enter the command mknod /dev/udp c 30 36 to redirect the UDP output to the Linux server.
  6. If a self-signed certificate does not exist, create the certificate with the command openssl req -new -x509 -days 365 -nodes -config stunnel.cnf -out stunnel.pem -keyout stunnel.pem
  7. Using your favorite editor, create the stunnel configuration file /etc/stunnel/stunnelSyslogServer.conf
  8. Open the stunnel configuration file and do the following:
    1. Enter the line cert = /etc/stunnel/stunnel.pem
    2. Enter a blank line.
    3. Enter the line [ssyslog]
    4. Enter the line accept = IP_ADDRESS:STUNNEL_PORT, where IP_ADDRESS is the IP address of the server. The IP address must match the value that you will enter in the Remote Server FQDN or IP Address field on the Tracer Configuration screen. STUNNEL_PORT is the port that is used to communicate with the Session Manager.
      Important:

      Do not omit the colon between the IP address and stunnel port. For example, 1.2.3.4:50614

    5. Enter connect = 127.0.0.1:50614
    6. Enter verify = 1
    7. Write and close the file.
  9. Start the stunnel server process by entering the command stunnel /etc/stunnel/stunnelSyslogServer.conf
  10. Verify that the stunnel process is running by entering the command pgrep stunnel. The output should display the process ID number of the listening stunnel.
  11. Start the stunnel forwarding process by entering the command nc -k -l 50614 | tr '\n' '\0' | xargs -0 -L 1 echo '<151>' > /dev/udp/127.0.0.1/514
  12. Configure the Session Manager:
    1. On the home page of the System Manager web console, under Elements, click Session Manager > System Tools > SIP Tracer Configuration.
    2. Verify the Tracer Enabled check box is selected.
    3. Select the Send Trace to a Remote Server check box.
    4. Specify the remote syslog server FQDN or IP Address in the Remote Server FQDN or IP Address field.
    5. Select Stunnel (encrypted TCP) from the Send Trace Method drop-down menu.
    6. Specify the remote stunnel port on which the remote stunnel server listens.
    7. Select one or more Session Manager instances in the Session Manager Instances table.
    8. Click Commit to cause all of the selected Session Manager instances to redirect the output to the remote syslog server.
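Before starting stunnel in step 9, the file written in step 8 can be sanity-checked for the required directives and for the colon pitfall called out in the Important note. The following POSIX shell script is an added example, not part of the Avaya procedure; the two configuration files it writes are constructed samples that reuse the addresses and ports from the steps above.

```shell
#!/bin/sh
# Added example (not part of the original procedure): sanity-check an stunnel
# server config written per step 8 before running "stunnel <conf>" in step 9.
# It catches the colon pitfall from the Important note and missing directives.

# Print the port from "accept = IP_ADDRESS:STUNNEL_PORT"; fail if no colon.
accept_port() {
    a=$(sed -n 's/^accept *= *//p' "$1" | head -n 1 | tr -d ' \t\r')
    case "$a" in
        *:[0-9]*) echo "${a##*:}" ;;
        *) return 1 ;;
    esac
}

# Return 0 if the config has every directive from step 8 in a usable form.
check_stunnel_conf() {
    conf="$1"; rc=0
    grep -q '^cert *=' "$conf"      || { echo "missing cert="; rc=1; }
    grep -q '^\[ssyslog\]' "$conf"  || { echo "missing [ssyslog] section"; rc=1; }
    grep -q '^connect *=' "$conf"   || { echo "missing connect="; rc=1; }
    accept_port "$conf" >/dev/null  || { echo "accept= must be IP_ADDRESS:STUNNEL_PORT (colon missing?)"; rc=1; }
    v=$(sed -n 's/^verify *= *//p' "$conf" | head -n 1 | tr -d ' \t\r')
    case "$v" in
        [1-9]*) ;;
        *) echo "verify= should be 1 or higher (got '${v:-unset}')"; rc=1 ;;
    esac
    return $rc
}

# Constructed sample files (values from the procedure; not real deployment files).
good=$(mktemp); bad=$(mktemp)
cat > "$good" <<'EOF'
cert = /etc/stunnel/stunnel.pem

[ssyslog]
accept = 1.2.3.4:50614
connect = 127.0.0.1:50614
verify = 1
EOF
cat > "$bad" <<'EOF'
cert = /etc/stunnel/stunnel.pem

[ssyslog]
accept = 1.2.3.450614
connect = 127.0.0.1:50614
EOF
check_stunnel_conf "$good" && echo "good config: OK"
check_stunnel_conf "$bad" || echo "bad config: rejected"
```

Run it against /etc/stunnel/stunnelSyslogServer.conf by calling check_stunnel_conf with that path; a non-zero exit lists what to correct before step 9.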