Syslog Collector Plugin - 5thColumn/Revolver-wiki-archive GitHub Wiki
The Syslog Collector plugin listens for incoming Syslog messages from configured devices and delivers them to BOSS. Supported Syslog Sources include:
- Cisco ASA firewalls
- Cisco Next-Generation IPS (NGIPS)
- Cisco Meraki devices
- Fortinet firewall
- Fortinet switches
- Fortinet wireless devices
- Microsoft domain controllers
- Palo Alto firewalls (traffic and threat logs)
- PFSense firewalls
- SonicWall firewalls
To configure:
- Log in to your Revolver instance and navigate to Manage Plugins.
- Select the arrow next to Syslog Collector to expand the section and see the fields required for configuration.
- Select a listener port (default is 5140). Note: The lowest port you can select is 2055 (if it's not already in use by another plugin).
- Select Configure.
- You will receive a notification that the plugin is in the process of being configured. After a few moments, you will receive a second notification that the plugin has been configured and is ready for use. Note: If you receive an error notice after configuring the plugin, select Configure again. If the error persists, contact the support team.
- Configure your firewalls using the following as a guide:
[Meraki]
This document is from the internet. So, if anyone has an exact configuration, please update it.
Navigate to Network-Wider > Configure > General, then you will see a section for ‘Reporting’.
Click on the ‘Add a syslog server’
Set the Revolver IP as ‘Server IP’, and set port 5140 as ‘Port’, for the ‘Roles’, looks like we put all on the lists(this can be tuned by server admin’s request)
[Fortigate]
Go to Log & Report > Log Setting.
Click the Syslog Server tab.
Click Add to display the configuration editor.
Complete the configuration as described in Table 124.
Save the configuration.
Ref: https://help.fortinet.com/fadc/4-5-1/olh/Content/FortiADC/handbook/log_remote.htm
Release Notes
Current Version: 1.3