From the syslogd manual page:
Code:
-h     By default syslogd will not forward messages it receives from
       remote hosts. Specifying this switch on the command line will
       cause the log daemon to forward any remote messages it receives
       to forwarding hosts which have been defined. This can cause
       syslog loops that fill up hard disks quite fast and thus needs
       to be used with caution.
So edit /etc/default/syslogd and add the "-h" option to the SYSLOGD variable. The configuration on your box will probably end up looking something like:
Is there a reason why you don't have the Juniper and Fortinet devices log directly to your SIEM server? It seems weird to relay the events through your Linux box.
Also, you might want to check out Syslog-NG (http://www.balabit.com/network-security/syslog-ng/). If you're looking at turning a Linux box into a central syslog server for your network, Syslog-NG is definitely the right way to go.
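As an added example (not part of the original post, and not sysklogd's own tooling), the shell function below reads a defaults file and a syslog.conf and reports whether the relay behaviour from the man page excerpt is active, flagging a forwarding rule that points back at the relay itself. Only `-h`, `/etc/default/syslogd` and `SYSLOGD` come from the post; the `-r` receive flag and the `@host` action syntax are standard sysklogd usage assumed here, and the host names and file contents are constructed samples.

```shell
#!/bin/sh
# Added example: audit a sysklogd relay setup for the loop the man page warns about.
# Usage: audit_relay DEFAULTS_FILE SYSLOG_CONF [LOCAL_NAME...]
audit_relay() {
    defaults=$1; conf=$2; shift 2
    # Value of the SYSLOGD variable, quotes stripped (last assignment wins).
    opts=$(sed -n 's/^[ ]*SYSLOGD=//p' "$defaults" | tail -n 1 | tr -d "\"'")
    recv=no; fwd=no
    for o in $opts; do
        case $o in -*r*) recv=yes ;; esac   # -r: accept messages from the network
        case $o in -*h*) fwd=yes ;; esac    # -h: forward messages received remotely
    done
    echo "receive_remote=$recv"
    echo "forward_remote=$fwd"
    # Forwarding rules in syslog.conf have an action field of the form @host.
    targets=$(awk 'NF >= 2 && $1 !~ /^#/ && $NF ~ /^@/ { print substr($NF, 2) }' "$conf" | sort -u)
    for t in $targets; do
        echo "forward_target=$t"
        for name in "$@"; do
            # With -r and -h both set, a rule pointing back at this host re-sends
            # every relayed message to itself and fills the disk.
            if [ "$recv$fwd" = yesyes ] && [ "$t" = "$name" ]; then
                echo "LOOP_RISK=$t"
            fi
        done
    done
    return 0
}

# Constructed sample input: a relay with one sane target and one self-reference.
sample_audit() {
    dir=$(mktemp -d) || return 1
    printf '%s\n' 'SYSLOGD="-r -h"' > "$dir/defaults"
    printf '%s\n' '# constructed rules' \
        '*.*  @siem.example.net' \
        'kern.*  /var/log/kern.log' \
        'auth.*  @relay1.example.net' > "$dir/syslog.conf"
    audit_relay "$dir/defaults" "$dir/syslog.conf" relay1.example.net 127.0.0.1
    rm -rf "$dir"
}

sample_audit
```

This only catches a relay that forwards to one of its own names or addresses; a loop between two hosts that forward to each other needs the same audit run on both.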