===== send syslog to sensor node [normally syslog is sent to the master node only]
https://docs.securityonion.net/en/2.3/firewall.html?highlight=syslog#allow-hosts-to-send-syslog-to-a-sensor-node
==step1 run on master: create a hostgroup for the syslog senders
so-firewall addhostgroup syslogtosensor1
==step2 run on master
so-firewall includehost syslogtosensor1 <IP of the syslog-ng host that will send to the sensor>
==step3 run on master: edit the sensor's minion pillar file "sensor_heavynode.sls" => /opt/so/saltstack/local/pillar/minions/<HOSTNAME>_<ROLE>.sls
/opt/so/saltstack/local/pillar/minions/sensor_heavynode.sls
firewall:
  assigned_hostgroups:
    chain:
      DOCKER-USER:
        hostgroups:
          syslogtosensor1:
            portgroups:
              - portgroups.syslog
==step4 run on master: salt <HOSTNAME>_<ROLE> state.apply firewall
salt sensor_heavynode state.apply firewall
==step5 run on sensor node
==check that the connection from the syslog source to the sensor IP is established
netstat -na | grep 514
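Added check for step5 (not from the Security Onion docs): instead of eyeballing `netstat -na | grep 514`, these shell functions parse netstat output and confirm that the sensor listens on 514 and that the syslog-ng host (placeholder IP 10.0.0.5, assumed) has an established session to it. Note that UDP syslog shows no ESTABLISHED line, so only the listener check applies there.

```shell
#!/bin/sh
# Constructed sample of `netstat -na` output on the sensor node (10.0.0.20 is
# an assumed sensor IP, 10.0.0.5 the assumed syslog-ng sender).
SAMPLE_NETSTAT='Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 0.0.0.0:514             0.0.0.0:*               LISTEN
tcp        0      0 10.0.0.20:514           10.0.0.5:41234          ESTABLISHED
udp        0      0 0.0.0.0:514             0.0.0.0:*
tcp        0      0 10.0.0.20:22            10.0.0.9:50022          ESTABLISHED'

# syslog_listening <netstat output>
# Returns 0 if the sensor has a TCP listener or a UDP socket on port 514.
syslog_listening() {
    printf '%s\n' "$1" | awk '
        $4 ~ /:514$/ && ($1 == "udp" || $6 == "LISTEN") { found = 1 }
        END { exit !found }'
}

# syslog_established <netstat output> <sender ip>
# Returns 0 if that sender has an ESTABLISHED TCP session to local port 514.
# Matching "ip:" with index()==1 avoids 10.0.0.5 also matching 10.0.0.50.
syslog_established() {
    printf '%s\n' "$1" | awk -v src="$2" '
        $1 == "tcp" && $4 ~ /:514$/ && index($5, src ":") == 1 \
            && $6 == "ESTABLISHED" { found = 1 }
        END { exit !found }'
}

# check_sensor_syslog <sender ip>: run both checks against the live system.
check_sensor_syslog() {
    out=$(netstat -na)
    syslog_listening "$out" || { echo "nothing listening on 514"; return 1; }
    syslog_established "$out" "$1" || { echo "no session from $1"; return 1; }
    echo "syslog from $1 reaches this sensor"
}
```

Run `check_sensor_syslog <syslog-ng IP>` on the sensor after step4; the sample functions can also be fed saved netstat output for offline review.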