Get your syslog out

Postby vinistois » Fri May 22, 2020 5:36 pm

EnvisaLink has decided to restrict syslog to its own local subnet, which for some reason they have defined as matching the last octet of the IP address.

Many users have the EnvisaLink in a different subnet. This is one way to get the syslog out of there and do whatever you want with it.

Start a Linux box / a Raspberry Pi / a VM / or whatever in the subnet your EnvisaLink shares.

Install rsyslog:

apt install rsyslog

yum install rsyslog

depending on your OS.

Then edit the configuration file for rsyslog:

sudo vi /etc/rsyslog.conf

Uncomment these two lines to accept remote syslog on port 514 over UDP:

module(load="imudp")
input(type="imudp" port="514")

Add the following at the bottom to send everything logged to this host to a remote destination:

# a single @ forwards over UDP; @@ would forward over TCP
*.*    @remotesysloghost:port

For example, send everything to Papertrail (set up your free Papertrail account first to get your URL).
Open the port to accept incoming syslog:

firewall-cmd --zone=public --add-port=514/udp --permanent
firewall-cmd --reload

Restart rsyslog to grab the new config:

systemctl restart rsyslog

Look at the status if you have troubles:

systemctl status rsyslog

If you find you are sending things you don't want to be sending, you can stop (drop) those messages in rsyslog.conf:

# "stop" discards the message, so this rule must come before the forwarding rule
:msg, contains, "some_string_in_a_message_i_dont_want_to_send" stop

Or, only send messages that match a specific string:

# use this in place of the *.* forwarding rule; the filter needs an action after it
:msg, contains, "some_interesting_msg"    @remotesysloghost:port

You can use various rules and regex here to get it just right.

Point EnvisaLink syslog to this host. It will catch all the syslog messages and ship them to your remote destination.
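Putting the steps of the post above together, as an added example that is not the original poster's configuration: a single drop-in file for rsyslog (/etc/rsyslog.d/ is read by both the Debian and RHEL packages) that uses the same module/input lines, but binds the UDP listener to its own ruleset so that only the EnvisaLink's messages are forwarded. With the `*.*` catch-all rule from the post, the relay host's own logs (auth, sudo, cron) also go to the third-party collector; the ruleset keeps them out. The EnvisaLink address 192.168.20.50, the collector name remotesysloghost and the port 6514 are assumptions; substitute your own.

```conf
# /etc/rsyslog.d/10-envisalink-relay.conf
# Added example (not from the original post). Assumed values: the EnvisaLink
# is at 192.168.20.50, the remote collector is "remotesysloghost" on TCP 6514.

# Both lines are needed: the first loads the UDP input module, the second
# opens port 514 and binds it to its own ruleset, so EnvisaLink traffic never
# reaches the default ruleset (which is where this host's own logs are handled).
module(load="imudp")
input(type="imudp" port="514" ruleset="evl-relay")

ruleset(name="evl-relay") {
    # Only relay what actually comes from the EnvisaLink; anything else that
    # reaches this port is dropped.
    if ($fromhost-ip != "192.168.20.50") then stop

    # Drop noise before it leaves the network. "stop" ends processing for that
    # message, so drop rules must come before the forwarding action.
    if ($msg contains "some_string_in_a_message_i_dont_want_to_send") then stop

    # Keep a local copy for troubleshooting and for later review.
    action(type="omfile" file="/var/log/envisalink.log")

    # Forward over TCP (the "@@" of the legacy syntax) with a disk-assisted
    # queue so messages survive a collector outage or an rsyslog restart.
    action(type="omfwd"
           target="remotesysloghost"
           port="6514"
           protocol="tcp"
           queue.type="LinkedList"
           queue.filename="evl_fwd"
           queue.saveOnShutdown="on"
           action.resumeRetryCount="-1")
    stop
}
```

With this file in place the `*.*    @remotesysloghost:port` line from the post is not needed. `queue.filename` writes spool files into the working directory already set in the stock rsyslog.conf (`/var/spool/rsyslog` on Debian, `/var/lib/rsyslog` on RHEL), so no extra setting is required. Check the syntax with `rsyslogd -N1` before `systemctl restart rsyslog`, and if nothing shows up in /var/log/envisalink.log, run `tcpdump -ni any udp port 514` on the relay to confirm the EnvisaLink's datagrams are arriving at all and from the address the ruleset expects.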

Re: Get your syslog out

Postby grabo » Sun Jun 07, 2020 2:43 am

Another option would be a device that can NAT the raw IP traffic, without digesting it.

i.e., a relatively intelligent firewall. I did exactly this with a remote EVL4 and a Cisco ASA.
