Configuring an unsecure UDP syslog server

Last Updated: Jun 27, 2018

Procedure

  1. Configure the firewall to accept logs on UDP port 514. The following commands are an example of how to configure the Linux firewall to allow remote logging from a host associated with IP address 1.2.3.4. The first command changes the running firewall, and the second, with --permanent, keeps the rule across firewall reloads and reboots:

    firewall-cmd --direct --add-rule ipv4 filter INPUT 1 -s 1.2.3.4 -p udp --dport 514 -j ACCEPT
    firewall-cmd --direct --permanent --add-rule ipv4 filter INPUT 1 -s 1.2.3.4 -p udp --dport 514 -j ACCEPT

    If you plan to send logs from more than one Session Manager, you need to add a rule for each IP address.
  2. Redirect the tracer messages to a specific file:
    1. Open the syslog configuration file /etc/syslog.config with your favorite editor.
    2. Add the following line to the end of the file:

      local2.info -/var/log/tracer.log

    3. Write the file and close it.
  3. Enable logging from a remote system to syslog UDP port 514:
    1. Open the /etc/sysconfig/syslog file with your favorite editor.
    2. Modify SYSLOGD_OPTIONS to include the -r flag. For example, SYSLOGD_OPTIONS="-r".
    3. Write and close the file.
    4. Run the service syslog restart command to restart the syslog service.
    5. Run the command netstat -unpl | grep 514 to verify that syslog can listen on UDP port 514.

      The output should be similar to the following. The bold fields are the important fields to note:

      udp 0 0.0.0.0:514 0.0.0.0:* 21907/syslogd

  4. Configure the Session Manager:
    1. On the home page of the System Manager Web Console, under Elements, click Session Manager > System Tools > SIP Tracer Configuration.
    2. Verify that the Tracer Enabled checkbox is selected.
    3. Specify the remote syslog server FQDN or IP Address in the Remote Server FQDN or IP Address field.
    4. Select Syslog (unsecure UDP) from the Send Trace Method drop-down menu.
    5. Select one or more Session Manager instances in the Session Manager Instances table.
    6. Click Commit to cause all of the selected Session Manager instances to redirect the output to the remote syslog server.
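
To check the receive path set up in steps 1 to 3 end to end, the following added example (not part of the original procedure) sends one uniquely marked local2.info datagram and then looks for the marker in /var/log/tracer.log. The function names, the tracer-test tag and the marker format are assumptions made for this example.

```python
import socket
import time
import uuid

# Syslog numeric codes: PRI = facility * 8 + severity.
FACILITY = {"local2": 18}
SEVERITY = {"emerg": 0, "alert": 1, "crit": 2, "err": 3,
            "warning": 4, "notice": 5, "info": 6, "debug": 7}

def pri(facility="local2", severity="info"):
    return FACILITY[facility] * 8 + SEVERITY[severity]

def selector_matches(pri_value, facility="local2", severity="info"):
    """True if a 'facility.severity' selector such as local2.info would log it.
    The selector takes that severity and anything more urgent (lower number)."""
    return (pri_value // 8 == FACILITY[facility]
            and pri_value % 8 <= SEVERITY[severity])

def build_message(marker, severity="info", tag="tracer-test"):
    """BSD-style syslog line: <PRI>Mmm dd hh:mm:ss host tag: text."""
    t = time.localtime()
    stamp = f"{time.strftime('%b', t)} {t.tm_mday:2d} {time.strftime('%H:%M:%S', t)}"
    host = socket.gethostname().split(".")[0]
    return f"<{pri('local2', severity)}>{stamp} {host} {tag}: {marker}".encode()

def send_test(server, port=514, severity="info"):
    """Send one datagram and return its unique marker. UDP gives no
    acknowledgement, so a clean return does not prove delivery."""
    marker = f"udp-syslog-check-{uuid.uuid4().hex[:12]}"
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        sock.sendto(build_message(marker, severity), (server, port))
    return marker

def marker_logged(marker, path="/var/log/tracer.log"):
    """Run on the syslog server: did the marker reach the tracer file?"""
    with open(path, errors="replace") as log:
        return any(marker in line for line in log)

if __name__ == "__main__":
    import sys
    if len(sys.argv) == 2:  # usage: script.py <syslog-server>
        print("sent marker", send_test(sys.argv[1]))
```

Send from a host whose address the step 1 firewall rule allows, then call marker_logged() with the printed marker on the syslog server. A missing marker points at the firewall rule, the -r flag or the local2.info line.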