SEC 335 Lab 2.2 - DefiantCoder/Tech-Journals GitHub Wiki

Authpriv Messages on Linux Systems:

On the log server, edit /etc/rsyslog.conf and comment out the lines shown in the lab screenshot so they do not conflict with the custom input added in the next step.

[screenshot: lines commented out in /etc/rsyslog.conf]

  • Add a new custom config at /etc/rsyslog.d/<config_name>.conf; the config used is below.

```
# Receive syslog over UDP/514 and hand every message to the RemoteDevice ruleset
module(load="imudp")
input(type="imudp" port="514" ruleset="RemoteDevice")

# One file per sending host, per day, per program
template(name="DynFile" type="string"
	string="/var/log/remote-syslog/%HOSTNAME%/%$YEAR%.%$MONTH%.%$DAY%.%PROGRAMNAME%.log"
)

# Write remote messages to the dynamically named file
ruleset(name="RemoteDevice"){
	action(type="omfile" dynaFile="DynFile")
}
```
  • On the client, open the file below and add the forwarding line shown in the screenshot (the IP is the log machine's address).

```
sudo vi /etc/rsyslog.d/sec350-client.conf
```

[screenshot: contents of sec350-client.conf pointing at the log machine's IP]

  • Restart rsyslog so the changes take effect.

```
sudo systemctl restart rsyslog
```

Forward Authentication events from VyOS:

```
configure
set system syslog host <log-ip> facility authpriv level info
commit
save
```
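The two procedures above (the Linux client fragment and the VyOS syslog host) both end up as UDP datagrams that the server's imudp input feeds into the DynFile template. The following added example, written for this journal and not part of the lab or of rsyslog itself, plays both sides over loopback: it composes an authpriv.info line the way logger(1), rsyslog and VyOS format it, receives it on a UDP socket, and expands the page's DynFile template to the file the server would write. The client config text (`authpriv.* @<log-ip>:514`, where a single `@` means UDP in rsyslog), the hostnames, the IP 10.0.5.10 and the date are assumptions constructed for the demo. The hostname allow-list is the example's own guard, added because rsyslog takes %HOSTNAME% from the message header, which the sending host controls.

```python
"""Added example (not from the lab page): model how rsyslog's imudp input and the
DynFile template turn a forwarded authpriv message into a file path, and exercise
it over a loopback UDP socket. Hostnames, IPs and dates are constructed."""
import re
import socket
from datetime import date

LOG_ROOT = "/var/log/remote-syslog"           # root used by the page's DynFile template
FACILITY_NAMES = {4: "auth", 10: "authpriv"}  # the two facilities this lab cares about
SEVERITY_NAMES = ["emerg", "alert", "crit", "err", "warning", "notice", "info", "debug"]

# BSD-syslog (RFC 3164) line as logger(1), rsyslog's forwarder and VyOS emit it:
#   <PRI>Mmm dd hh:mm:ss HOST TAG[PID]: MSG
SYSLOG_RE = re.compile(
    r"^<(?P<pri>\d{1,3})>"
    r"(?P<ts>[A-Z][a-z]{2} [ \d]\d \d\d:\d\d:\d\d) "
    r"(?P<host>\S+) "
    r"(?P<tag>[^\s:\[]+)(?:\[(?P<pid>\d+)\])?: ?"
    r"(?P<msg>.*)$"
)
# rsyslog takes HOSTNAME from the message header, i.e. the sender chooses it;
# this allow-list is our own guard before using it as a directory name.
SAFE_NAME_RE = re.compile(r"^[A-Za-z0-9][A-Za-z0-9.-]{0,62}$")


def client_config(log_ip, port=514, facility="authpriv"):
    """Client-side rsyslog fragment (assumed content of sec350-client.conf):
    a single '@' forwards over UDP, matching the server's imudp input."""
    return f"{facility}.* @{log_ip}:{port}\n"


def parse_syslog(line):
    """Split PRI into facility/severity and pull the fields DynFile uses."""
    m = SYSLOG_RE.match(line)
    if not m:
        raise ValueError(f"not an RFC 3164 line: {line!r}")
    pri = int(m["pri"])
    return {
        "facility": FACILITY_NAMES.get(pri // 8, str(pri // 8)),
        "severity": SEVERITY_NAMES[pri % 8],
        "host": m["host"],
        "program": m["tag"],      # rsyslog's %PROGRAMNAME% is the tag without [pid]
        "pid": m["pid"],
        "msg": m["msg"],
    }


def dynfile_path(host, program, when):
    """Expand the page's DynFile template:
    /var/log/remote-syslog/%HOSTNAME%/%$YEAR%.%$MONTH%.%$DAY%.%PROGRAMNAME%.log"""
    for name in (host, program):
        if not SAFE_NAME_RE.match(name):
            raise ValueError(f"refusing to build a path from {name!r}")
    return f"{LOG_ROOT}/{host}/{when:%Y.%m.%d}.{program}.log"


def build_line(host, program, msg, facility=10, severity=6, pid=None,
               stamp="Jan 15 10:42:07"):
    """Compose the datagram a client would send; defaults to authpriv.info."""
    tag = f"{program}[{pid}]" if pid else program
    return f"<{facility * 8 + severity}>{stamp} {host} {tag}: {msg}"


def loopback_exchange(line, when):
    """Play both sides over 127.0.0.1: the client sends one datagram, the
    'server' receives it and decides where the page's ruleset would write it."""
    server = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    server.bind(("127.0.0.1", 0))   # ephemeral port instead of 514 (no root needed)
    server.settimeout(2)
    client = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    try:
        client.sendto(line.encode(), server.getsockname())
        data, _ = server.recvfrom(65535)
    finally:
        client.close()
        server.close()
    rec = parse_syslog(data.decode())
    rec["path"] = dynfile_path(rec["host"], rec["program"], when)
    return rec


if __name__ == "__main__":
    print(client_config("10.0.5.10"), end="")
    rec = loopback_exchange(
        build_line("vyos", "sshd", "Accepted publickey for vyos from 10.0.5.2", pid=1184),
        date(2024, 1, 15))
    print(rec["facility"], rec["severity"], "->", rec["path"])
```

On the real lab machines the same check is `sudo rsyslogd -N1` to validate the config, then `logger -n <log-ip> -P 514 --udp -p authpriv.info "forward test"` from the client and a look under /var/log/remote-syslog/<client-hostname>/ on the server. Because the transport is plain UDP, nothing authenticates the sender or the hostname it claims; that is acceptable on an isolated lab network but not beyond it.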

Reflection:

One issue I have run into multiple times is forgetting to switch from manual to automatic; in the future I need to be more aware of this. Another issue is that I cannot use remote desktop for mgmt01. No matter what I do I receive errors, which I detail in the lab 2.2 document. I will discuss this with Devin to attempt to resolve the issue.
