From the course: Protecting Your Network with Open Source Software


Log forwarding: Part 2


- [Instructor] Let's install syslog-ng on our Ubuntu router. Type sudo apt-get install syslog-ng, press ENTER. Type Y and press ENTER. Let's check if our syslog-ng service is up and running. Type systemctl status syslog-ng, press ENTER. It's active. Press Q to exit. The syslog-ng service is running on our Ubuntu router, which is the same host where Snort is installed. We'll forward Snort log messages through the syslog-ng log service, then we'll forward the same log messages to a centralized log server. The centralized log server solution we'll be using is Kiwi. Let's go to the syslog-ng configuration file by typing cd /etc/syslog-ng/, press ENTER. Type ls, press ENTER, and you can see that syslog-ng.conf file here. Type sudo nano syslog-ng.conf, press ENTER. Let's do a search and look for the term destination. Press CTRL+W together, type destination, press ENTER. We'll create our own destination here…
