Golfreeze.packetlove.com: Life style of Golfreeze Canon400D Family kammtan.com Jazz Freebsd Unix Linux System Admin guitar Music

All about unix linux freebsd and FAQ for Packetlove.com Web hosting , Mail hosting , VoIP + IP PBX server => all application on unix knowledges by golfreeze => Topic started by: golfreeze on กันยายน 18, 2021, 03:25:47 PM

Title: security onion send syslog to sensor node howto so2.3
Post by: golfreeze on กันยายน 18, 2021, 03:25:47 PM: ===== send syslog to sensor node. [normally syslog send to master node only]
https://docs.securityonion.net/en/2.3/firewall.html?highlight=syslog#allow-hosts-to-send-syslog-to-a-sensor-node

==step1 run on master
so-firewall addhostgroup syslogtosensor1

==step2 run on master
so-firewall includehost syslogtosensor1 ipของsyslog-ngที่จะส่งไปsensor

==step3 run on master “sensor_heavynode.sls” => /opt/so/saltstack/local/pillar/minions/<HOSTNAME>_<ROLE>.sls
/opt/so/saltstack/local/pillar/minions/sensor_heavynode.sls
firewall:
assigned_hostgroups:
chain:
DOCKER-USER:
hostgroups:
syslogtosensor1:
portgroups:
- portgroups.syslog

==step4 run on master salt <HOSTNAME>_<ROLE> state.apply firewall
salt sensor_heavynode state.apply firewall

==step5 : run on sensor node
==check and view see connection establish for source_log send to sensor_ip
netstat -na | grep 514

Powered by SMF 2.0.11 | SMF © 2006-2009, Simple Machines LLC
SMFAds for Free Forums