
Configure specific log file for firewall logs in Linux

I have a Debian Linux server which receives Stormshield firewall logs and I need to configure a specific log file in which they would all be written.

I guess I have to work around logrotate but I can't figure out how to do it.

The logs look like this:

92.168.2.253 → 10.22.5.58   Syslog 758 USER.WARNING: 1 2021-12-22T10:45:38+01:00 FW-STORMSHIELD asqd - - - \357\273\277id=firewall time="2021-12-22 10:45:38" fw="FW-STORMSHIELD" tz=+0100 startime="2021-12-22 10:45:35" pri=4 confid=01 slotlevel=2 ruleid=56 rulename="17b8311aa81_10e" srcif="Ethernet5" srcifname="DMZ-OPENVPN" ipproto=tcp dstif="Ethernet0" dstifname="internet" proto=ssl src=192.168.13.153 srcport=64722 srcportname=port-tcp-sup srcname=P-WINSAV-007-alegal srcmac=00:0c:22:12:fd:82 dst=145.240.201.174 dstport=443 dstportname=https dstname=drive.google.com dstcontinent="na" dstcountry="us" modsrc=96.35.166.98 modsrcport=27922 ipv=4 action=block msg="ChangeCipherSpec trop t\303\264t" class=protocol classification=0 alarmid=312 target=dst repeat=2 l

Do you have any idea?

Thank you for your time.

Have a look into this guide to enable syslog on Stormshield. After enabling it, the log messages generated by Stormshield should "automatically" get written to the syslog main Q from where they will (probably) be logged into /var/log/syslog.
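One way to get the dedicated file the question asks for, as an added example that is not part of the original question or answer: an rsyslog drop-in that routes the firewall's messages to their own file, plus a logrotate stanza for that file. The file paths, the UDP/514 listener, the ownership and the rotation schedule are assumptions; only the hostname `FW-STORMSHIELD` comes from the sample line.

```conf
# ===== /etc/rsyslog.d/10-stormshield.conf (rsyslog syntax) =====
# Assumption: the firewall sends syslog over UDP/514. Debian's stock
# /etc/rsyslog.conf has this listener commented out; enable it in one
# place only.
module(load="imudp")
input(type="imudp" port="514")

# Match on the hostname field seen in the sample line. That field is set
# by the sender, so on an untrusted network compare $fromhost-ip with the
# firewall's address instead.
if $hostname == 'FW-STORMSHIELD' then {
    action(type="omfile"
           file="/var/log/stormshield/firewall.log"
           fileOwner="root" fileGroup="adm" fileCreateMode="0640")
    # Do not also copy these messages into /var/log/syslog.
    stop
}

# ===== /etc/logrotate.d/stormshield (logrotate syntax, separate file) =====
# Assumed retention: 30 daily files, compressed after the first rotation.
/var/log/stormshield/firewall.log {
    daily
    rotate 30
    compress
    delaycompress
    missingok
    notifempty
    create 0640 root adm
    sharedscripts
    postrotate
        /usr/lib/rsyslog/rsyslog-rotate
    endscript
}
```

Validate the rsyslog part with `rsyslogd -N1` before restarting the service, and dry-run the rotation with `logrotate -d /etc/logrotate.d/stormshield`.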

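Notice: the technical posts on this site follow the CC BY-SA 4.0 license. If you repost, please cite this site's URL or the original address. For any questions, contact: yoyou2525@163.com.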

 