Lab02 Logging - Henryisgreat/TechJournal GitHub Wiki
Log01
- Re-comment the `$ModLoad` and `$UDPServerRun` lines in /etc/rsyslog.conf
- Download the rsyslog config file for the remote logs with wget and restart rsyslog:
  - `cd /etc/rsyslog.d`
  - `wget http://10.0.17.3/sec350/03-sec350.conf`
  - `systemctl restart rsyslog`
- Recreate the log test from web01 in Lab01
- `cat /var/log/remote-syslog/web01-henry/DATE` (to view the results; DATE stands for the date-named log file)
- Install tree
Web01 Authpriv logging
- Modify /etc/rsyslog.d/sec350.conf on web01
- Add `authpriv.* @172.16.50.5` (a single `@` forwards over UDP; `@@` would use TCP)
- Deliberately fail an ssh login into web01 from rw01 so that an authpriv event is generated
- On log01 view the logs:
  - `ls /var/log/remote-syslog/web01-henry/`
  - `cat /var/log/remote-syslog/web01-henry/DATE`
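To check that the forwarded authpriv events actually arrived, here is an added example (not part of the original journal) that parses lines in the classic rsyslog file layout and counts sshd password failures per source address; the sample lines, hostnames and IPs are constructed, and it assumes the course's 03-sec350.conf template writes the default "timestamp host tag[pid]: message" format.

```python
import re
from collections import Counter

# Constructed sample of what log01 might hold in
# /var/log/remote-syslog/web01-henry/DATE after the failed-SSH test.
# Assumption: the template writes rsyslog's classic "timestamp host tag[pid]: msg"
# layout; the hosts, PIDs and IPs below are made up for the example.
SAMPLE_LOG = """\
Sep 14 10:02:11 web01 sshd[1423]: Failed password for root from 172.16.150.4 port 51822 ssh2
Sep 14 10:02:14 web01 sshd[1423]: Failed password for root from 172.16.150.4 port 51822 ssh2
Sep 14 10:02:19 web01 sshd[1423]: Connection closed by authenticating user root 172.16.150.4 port 51822 [preauth]
Sep 14 10:03:01 web01 sshd[1501]: Failed password for invalid user admin from 10.0.17.99 port 40210 ssh2
Sep 14 10:03:40 web01 sshd[1520]: Accepted password for henry from 172.16.150.4 port 51900 ssh2
Sep 14 10:04:00 web01 systemd[1]: Started Session 5 of user henry.
this line is not syslog and is skipped
"""

# Classic (RFC 3164 style) syslog file line: "Mon DD HH:MM:SS host tag[pid]: msg"
SYSLOG_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d{1,2} \d\d:\d\d:\d\d) (?P<host>\S+) "
    r"(?P<tag>[^:\[\s]+)(?:\[(?P<pid>\d+)\])?: (?P<msg>.*)$"
)
FAILED_RE = re.compile(
    r"^Failed password for (?:invalid user )?(?P<user>\S+) from (?P<src>\S+) port \d+"
)
ACCEPTED_RE = re.compile(r"^Accepted \S+ for (?P<user>\S+) from (?P<src>\S+) port \d+")


def parse_line(line):
    """Return the fields of one syslog line as a dict, or None if it does not match."""
    m = SYSLOG_RE.match(line.rstrip("\n"))
    return m.groupdict() if m else None


def summarize_ssh(text, threshold=2):
    """Count sshd failures per source, list accepted logins, flag noisy sources."""
    failed_by_src = Counter()
    accepted = []
    for line in text.splitlines():
        rec = parse_line(line)
        if rec is None or rec["tag"] != "sshd":
            continue  # not a syslog line, or not from sshd: ignore it
        if (m := FAILED_RE.match(rec["msg"])):
            failed_by_src[m["src"]] += 1
        elif (m := ACCEPTED_RE.match(rec["msg"])):
            accepted.append((m["user"], m["src"]))
    noisy = sorted(src for src, n in failed_by_src.items() if n >= threshold)
    return {"failed_by_src": failed_by_src, "accepted": accepted, "noisy": noisy}


if __name__ == "__main__":
    print(summarize_ssh(SAMPLE_LOG))
```

Replace SAMPLE_LOG with the contents of the DATE file on log01 to run it against the real test.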
FW01 logging (VYOS)
- Adjust the config so that fw01 sends auth messages to log01 (in VyOS configuration mode):
  - `set system syslog host 172.16.50.5 facility authpriv level info`
  - `commit`
  - `save`
Log01 (Cont)
- Splunk user: henry
- Splunk pass: *******
- Download and start Splunk:
  - `wget -c http://10.0.17.3/sec350/splunk-8.0.5.rpm`