Syslog Organization - nicolas-tullio/Tech-Journal GitHub Wiki

Changing default VyOS password:

set system login user vyos authentication plaintext-password [password]

Key-based SSH Connections

  1. Install SSH on both devices
  2. Permanently allow SSH through firewall on both devices (port 22)
  3. ssh username@IP_ADDRESS

  4. Reply yes to the fingerprint

How to log authpriv messages

  1. Add the following to the /etc/rsyslog.d/sec350 file on the rsyslog client:

authpriv.* @IP_OF_LOG_SYSTEM

  2. This can be tested by connecting via SSH and failing a password attempt

Drop in Rsyslog config

Drop a custom rsyslog config file onto the log machine here:

/etc/rsyslog.d/sec350.conf
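
An added example of what such a drop-in could contain on the log machine (not the wiki author's actual file). It assumes the clients forward over UDP port 514, which is what the single "@" in the client rule selects, and a hypothetical /var/log/remote-syslog/ directory tree; the names "remote" and "PerHostFile" are also made up for the example.

```conf
# /etc/rsyslog.d/sec350.conf (example content; an assumption, not the author's file)

# Listen for UDP syslog. A single "@" in the client rule means UDP,
# and 514 is the default port when none is given.
module(load="imudp")
input(type="imudp" port="514" ruleset="remote")

# One directory per sending host, one file per day and program.
# /var/log/remote-syslog is a hypothetical location.
# The hostname and program name come from the sender and UDP is easy to spoof:
# secpath-replace turns any "/" in those fields into "_" so a crafted value
# cannot steer the write outside this tree.
template(name="PerHostFile" type="string"
         string="/var/log/remote-syslog/%HOSTNAME:::secpath-replace%/%$YEAR%.%$MONTH%.%$DAY%.%PROGRAMNAME:::secpath-replace%.log")

# Messages arriving on the UDP input are processed only by this ruleset,
# so they are kept apart from the log machine's own local auth log.
ruleset(name="remote") {
    authpriv.* action(type="omfile" dynaFile="PerHostFile"
                      dirCreateMode="0750" fileCreateMode="0640")
}
```

Running rsyslogd -N1 checks the configuration syntax before the service is restarted. The log machine's firewall also has to allow 514/udp for the forwarded messages to arrive.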

Forward logs from VyOS

In configure mode in VyOS, enter the following:

set system syslog host IP_OF_LOG_SYSTEM facility authpriv level info

  • Remember to commit and save