KB44770 - How to configure vWAF to send logs to a syslog server

Last Modified Date: 3/31/2021 8:43 PM
Synopsis
This article describes how to configure vWAF to send WAF logs to a syslog server.
Problem or Goal
vWAF can be configured to send syslogs in formats including syslog-cef, syslog-csv, syslog-rfc5424 and standard syslog.
Cause
Solution
To configure the syslog server address, add an entry to the zeusafm.conf file. The path to this file is:

$ZEUSHOME/zxtm-<your-version>/conf_<either A or B depending on which is present>/zeusafm.conf

($ZEUSHOME is the installation directory, e.g. /usr/local/zeus or /opt/zeus.)

For example, on a single vTM appliance running version 20.3, the above location could look like this:

/opt/zeus/zxtm-20.3/conf_B/zeusafm.conf 

Log in to the vTM via SSH and open the above file in an editor such as vi or nano. On the "slaveLogBackend" line, after the existing file path entry, append the type of back-end (syslog, syslog-cef, syslog-csv or syslog-rfc5424, depending on the syslog format you want to send) followed by the server IP. For example, to send logs in rfc5424 format, edit the line as follows:

slaveLogBackend file:${ZEUSHOME}/log/stingrayafm/log,syslog-rfc5424:<Ip of server here>

This change triggers a restart of the WAF so that the new setting takes effect.
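
The edit described above can also be scripted. The following is an added example, not part of the original article or any vendor tooling: a hypothetical helper, add_syslog_backend, that accepts only the four back-end types listed above, validates the server address, appends the entry once, and keeps a .bak copy of the file. It assumes an IPv4 server address and exactly one slaveLogBackend line, and it runs here against a constructed sample file rather than a real zeusafm.conf.

```shell
#!/bin/sh
# Added example (not vendor code). add_syslog_backend is a hypothetical helper.
# Usage: add_syslog_backend <path to zeusafm.conf> <back-end type> <server IPv4>
add_syslog_backend() {
    conf=$1; type=$2; ip=$3
    octet='(25[0-5]|2[0-4][0-9]|1?[0-9]?[0-9])'

    # Accept only the four back-end types the article lists.
    case $type in
        syslog|syslog-cef|syslog-csv|syslog-rfc5424) ;;
        *) echo "unsupported back-end type: $type" >&2; return 2 ;;
    esac
    # Assumption: the server is given as a dotted-quad IPv4 address.
    printf '%s\n' "$ip" | grep -Eq "^($octet\.){3}$octet\$" ||
        { echo "not an IPv4 address: $ip" >&2; return 2; }
    # Assumption: the file has exactly one slaveLogBackend line with a value.
    [ "$(grep -Ec '^slaveLogBackend[[:space:]]+[^[:space:]]' "$conf")" = 1 ] ||
        { echo "expected one slaveLogBackend line in $conf" >&2; return 1; }

    tmp=$(mktemp) || return 1
    # Append ",<type>:<ip>" unless that exact back-end is already in the list.
    awk -v add="$type:$ip" '
        /^slaveLogBackend[ \t]+[^ \t]/ {
            value = $0
            sub(/^slaveLogBackend[ \t]+/, "", value); sub(/[ \t]+$/, "", value)
            n = split(value, parts, ","); present = 0
            for (i = 1; i <= n; i++) if (parts[i] == add) present = 1
            if (!present) { sub(/[ \t]+$/, ""); $0 = $0 "," add }
        }
        { print }' "$conf" > "$tmp" || { rm -f "$tmp"; return 1; }

    if cmp -s "$conf" "$tmp"; then
        rm -f "$tmp"; return 0            # already configured, file untouched
    fi
    # Keep a backup, then rewrite in place so owner and mode are preserved.
    cp -p "$conf" "$conf.bak" && cat "$tmp" > "$conf"
    status=$?; rm -f "$tmp"; return "$status"
}

# Constructed sample file standing in for zeusafm.conf (not a real system file).
sample=$(mktemp)
printf '%s\n' 'slaveLogBackend file:${ZEUSHOME}/log/stingrayafm/log' > "$sample"
add_syslog_backend "$sample" syslog-rfc5424 192.0.2.10 && cat "$sample"
rm -f "$sample" "$sample.bak"
```

Running the helper a second time with the same arguments leaves the file unchanged, so it can be re-applied without duplicating the back-end entry.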




 
Created By: Rohit Shetty
