Syslog-ng Next-generation syslog server 1

Syslog-ng Next-generation syslog server 1. Mode Polling – SNMP Notification – Syslog – Snmp trap 2

Download PPTX Report

Upload
ashley-stokes
View
255
Download
0

Embed Size (px)

Citation preview

Syslog-ng

Next-generation syslog server

Mode

• Polling– SNMP

• Notification– Syslog– Snmp trap

簡介• Syslog 透過 priority 及 facility 做分類

• Syslog-ng ： Customization

Facility Priority

messagesbootcronuserlocal0 ~ local7

EmergencyAlertCriticalErrorWarningNotificationInformationDebugging

Page 4: Syslog-ng Next-generation syslog server 1. Mode Polling – SNMP Notification – Syslog – Snmp trap 2

install

• 安裝 EPELrpm -Uvh http://mirror01.idc.hinet.net/EPEL/6/x86_64/epel-release-6-7.noarch.rpm

• 安裝 syslog-ngyum install syslog-ng.i686

• 設定檔案/etc/syslog-ng.conf

Page 5: Syslog-ng Next-generation syslog server 1. Mode Polling – SNMP Notification – Syslog – Snmp trap 2

iptable

• vi /etc/sysconfig/ip6tables-A INPUT -m state --state NEW -m udp -p udp --dport 514 -j ACCEPT

• vi /etc/sysconfig/iptables-A INPUT -m state --state NEW -m udp -p udp --dport 514 -j ACCEPT

Page 6: Syslog-ng Next-generation syslog server 1. Mode Polling – SNMP Notification – Syslog – Snmp trap 2

source

source s_remote { udp( ip(10.10.4.19X) port(514) );};

source s_remote6 { udp6( ip("2001:e10:6840:4::1111") port(514) );};

Page 7: Syslog-ng Next-generation syslog server 1. Mode Polling – SNMP Notification – Syslog – Snmp trap 2

filter

filter f_dlinkwlan { facility(user); };

filter f_ciscowlan { facility(local4); };

filter f_isg2000 {host (10.10.4.16X);};

filter f_jrouter {host ("2001:288:0:1659::2222"); };

Page 8: Syslog-ng Next-generation syslog server 1. Mode Polling – SNMP Notification – Syslog – Snmp trap 2

destinationdestination d_router { file("/var/log/HOST/router/$HOST/$YEAR-$MONTH-$DAY/$LEVEL" owner(root) group(root) perm(0600) dir_perm(0700) create_dirs(yes)); };

destination d_jrouter { file("/var/log/HOST/router/JuniperMX960/$YEAR-$MONTH-$DAY/$LEVEL" owner(root) group(root) perm(0600) dir_perm(0700) create_dirs(yes)); };

destination d_isg2000 { file("/var/log/HOST/nat/$YEAR-$MONTH-$DAY/$HOUR/$LEVEL" owner(root) group(root) perm(0600) dir_perm(0700) create_dirs(yes)); };

Page 9: Syslog-ng Next-generation syslog server 1. Mode Polling – SNMP Notification – Syslog – Snmp trap 2

log• log { source(s_remote); filter(f_router); destination(d_router); };

• log { source(s_remote6); filter(f_jrouter); destination(d_jrouter); };

Page 10: Syslog-ng Next-generation syslog server 1. Mode Polling – SNMP Notification – Syslog – Snmp trap 2

## 本地接收的 IP addresssource s_remote { udp( ip(10.10.4.19X) port(514) );};

## 遠端的 IP addressfilter f_isg2000 {host (10.10.4.16X);};

## 本地儲存的位置destination d_isg2000 { file("/var/log/HOST/nat/$YEAR-$MONTH-$DAY/$HOUR/$LEVEL" owner(root) group(root) perm(0600) dir_perm(0700) create_dirs(yes)); };

## 整合各式條件log { source(s_remote); filter(f_isg2000); destination(d_isg2000); };

Page 11: Syslog-ng Next-generation syslog server 1. Mode Polling – SNMP Notification – Syslog – Snmp trap 2

## 本地接收的 IP addresssource s_remote6 { udp6( ip("2001:e10:6840:4::1111") port(514) );};

## 遠端的 IP addressfilter f_jrouter {host ("2001:288:0:1659::2222"); };

## 本地儲存的位置destination d_jrouter { file("/var/log/HOST/router/JuniperMX960/$YEAR-$MONTH-$DAY/$LEVEL" owner(root) group(root) perm(0600) dir_perm(0700) create_dirs(yes)); };

## 整合各式條件log { source(s_remote6); filter(f_jrouter); destination(d_jrouter); };

Page 12: Syslog-ng Next-generation syslog server 1. Mode Polling – SNMP Notification – Syslog – Snmp trap 2

Page 13: Syslog-ng Next-generation syslog server 1. Mode Polling – SNMP Notification – Syslog – Snmp trap 2

OptiCop Wavelength Interceptor TM · DWDM Switching Number of Channels Accessible 96max@50Ghz and 48 max @100Ghz Management Interfaces Ethernet 10/100 1 Telnet, SSH, SNMP, Syslog

Documents

Sourcefire 3D System for Enterprise Threat Managementissa-cp.org/downloads/August2007.pdfSourcefire 3D System Components Email, SNMP, Syslog,SSL Firewall, IPS, Switchers, Routers Configuration

Documents

RSA Security Analytics - · PDF file• Supports CEF, SNMP, syslog, SMTP data push for full integration in SIEM ... •NetWitness partners with the most trusted and reliable content

Documents

$61.132.52.8561.132.52.85/business1/uploadfiles/43629.367309675920569.pdf · (4T*4), WEB SNMP Trap. Syslog. ODBC\JDBC. FTP. SFTP. NetBIOSs OPSEC 3. VMWare. Hyper-V 4 s (Agent) Cisco$