SEC 350:Lab 2.2 - WanderlustPenguin/Charles-Tech-Journal GitHub Wiki

  • sudo passwd (username) - allows you to change the password for a user account on VyOS
  • ssh-keygen - sets up a key for SSH
  • set system syslog host (logger ip) facility authpriv level info - sends authpriv info to the logger on Linux

drop in file


forward logs

  • web01: done on the device the logs are forwarded from
  • sudo nano /etc/rsyslog.d/sec350.conf
  • sudo nano /etc/rsyslog.d/sec350-client.conf
  • write the following two lines:
  • user.notice @172.16.50.5
  • authpriv.* @172.16.50.5

  • the new log location on the logger is /var/log/remote-syslog/; list it with ls -lR --color /var/log/remote-syslog/

  • to access the detailed version of the logs, fill in this command with the information from the previous command: cat /var/log/remote-syslog/(DEVICENAME).(DATE).(LOGTITLE).log

  • .d means directory; add a / and a file name after it to create a usable file within the directory
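
To audit what the drop-in file from the forwarding steps above actually sends and how, this added example (not part of the original notes) lists each forwarding rule with its transport: in rsyslog's legacy syntax a single `@` forwards over UDP and `@@` over TCP. The function name `list_forwards` and the sample file are constructed for illustration, and targets are assumed to be IPv4 addresses or hostnames.

```shell
#!/usr/bin/env bash
# Added example: summarize the forwarding rules in an rsyslog drop-in file.
# Legacy rule syntax:  <selector> @host[:port]   -> UDP
#                      <selector> @@host[:port]  -> TCP

# list_forwards FILE
# Prints one line per forwarding rule: "selector transport host port"
list_forwards() {
  awk '
    /^[ \t]*(#|$)/ { next }                  # skip comments and blank lines
    $2 ~ /^@/ {                              # only rules whose action is a forward
      target = $2
      transport = "udp"
      if (target ~ /^@@/) { transport = "tcp"; sub(/^@@/, "", target) }
      else                { sub(/^@/, "", target) }
      port = 514                             # syslog default when no port is given
      n = split(target, parts, ":")
      if (n == 2) { target = parts[1]; port = parts[2] }
      print $1, transport, target, port
    }
  ' "$1"
}

# Constructed sample: the two lines from the notes above, plus a comment line.
sample=$(mktemp)
cat > "$sample" <<'EOF'
# sec350 client forwarding
user.notice @172.16.50.5
authpriv.* @172.16.50.5
EOF

list_forwards "$sample"
rm -f "$sample"
```

On the client itself, run `list_forwards /etc/rsyslog.d/sec350-client.conf`; both rules from these notes report `udp`, so authpriv messages cross the network unencrypted and without delivery guarantees.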