I have a Debian Linux server which receives Stormshield firewall logs and I need to configure a specific log file in which they would all be written.
I guess I have to work around logrotate but I can't figure out how to do it.
The logs look like this:
92.168.2.253 → 10.22.5.58 Syslog 758 USER.WARNING: 1 2021-12-22T10:45:38 01:00 FW-STORMSHIELD asqd - - - \357\273\277id=firewall time="2021-12-22 10:45:38" fw="FW-STORMSHIELD" tz= 0100 startime="2021-12-22 10:45:35" pri=4 confid=01 slotlevel=2 ruleid=56 rulename="17b8311aa81_10e" srcif="Ethernet5" srcifname="DMZ-OPENVPN" ipproto=tcp dstif="Ethernet0" dstifname="internet" proto=ssl src=192.168.13.153 srcport=64722 srcportname=port-tcp-sup srcname=P-WINSAV-007-alegal srcmac=00:0c:22:12:fd:82 dst=145.240.201.174 dstport=443 dstportname=https dstname=drive.google.com dstcontinent="na" dstcountry="us" modsrc=96.35.166.98 modsrcport=27922 ipv=4 action=block msg="ChangeCipherSpec trop t\303\264t" class=protocol classification=0 alarmid=312 target=dst repeat=2 l
Do you have any idea?
Thank you for your time.
CodePudding user response:
Have a look into this guide to enable syslog on Stormshield. After enabling it, the log messages generated by Stormshield should "automatically" get written to the syslog main Q from where they will (probably) be logged into /var/log/syslog.
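
One way to get the dedicated file the question asks for, as an added example that is not part of the answer above. It assumes the server runs rsyslog (Debian's usual syslog daemon) and that the firewall sends over UDP 514; the two file names, the log path and the retention values are chosen for illustration.

```conf
# ---- /etc/rsyslog.d/10-stormshield.conf (file name is an assumption) ----
# UDP reception must be enabled once. On Debian these two lines already
# exist, commented out, in /etc/rsyslog.conf; uncomment them there.
# (Assumes the firewall sends syslog over UDP 514.)
#module(load="imudp")
#input(type="imudp" port="514")

# Match on the hostname field seen in the sample message and write every
# such message to its own file. The hostname is set by the sender, so on an
# untrusted network also compare $fromhost-ip with the firewall's address.
if $hostname == 'FW-STORMSHIELD' then {
    action(type="omfile" file="/var/log/stormshield.log")
    # Do not process these messages further, which keeps them out of
    # /var/log/syslog. Remove "stop" to log them in both places.
    stop
}

# ---- /etc/logrotate.d/stormshield (file name is an assumption) ----
# logrotate does not route messages; it only rotates the file that
# rsyslog writes. Retention values below are illustrative.
/var/log/stormshield.log {
    daily
    rotate 14
    compress
    delaycompress
    missingok
    notifempty
    postrotate
        # Helper shipped with Debian's rsyslog package; it tells rsyslog
        # to reopen its output files after rotation.
        /usr/lib/rsyslog/rsyslog-rotate
    endscript
}
```

Check the rsyslog part with `rsyslogd -N1` before restarting the service, and test the rotation rule with `logrotate -d /etc/logrotate.d/stormshield`, which only prints what it would do.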