Print

Please login or register.
1 Hour 1 Day 1 Week 1 Month Forever
Login with username, password and session length

[obeiro]

Hi,

That's my first post. I've been searching a while and haven't found an answer so here I am.
I've got a DFL-800 basic setup, planning a future WAN load balance scenario. I've found a few issues but instead of asking how to fix them I'm trying some selflearning, but I'm stuck with logging.

Memlog isn't enough so I'd like to use remote logging to a syslog server, but had no luck so far.

Here's my scenario.

* DFL-800 Firewall - WAN1: Public IP - LAN: Private IP:10.0.0.254 Subnet: 10.0.0.252/30
Default config. Just added two IP rules to let all traffic flow to the network appliance at 10.0.0.253

#      Name      Action      Source interface      Source network      Destination interface      Destination network      Service
1     allow_all_tcpudp_sat     SAT     any     all-nets     core     wan1_ip     all_tcpudp
2     allow_all_tcpudp_nat     NAT     any     all-nets     core     wan1_ip     all_tcpudp

* The Network appliance (IPBrick) is a linux box which handles VPN, VoIP, email and fax, and works as main firewall. Unfortunately doesn't support WAN load balance or failover (that's why we need DFL-800).
eth0 IP: is 10.0.0.253 and  eth1 IP 192.168.0.254 in our LAN Subnet 192.168.0.0/24

* A windows box in the LAN lets say 192.168.0.101 with a syslog server which should receive log messages from DFL-800 but does not :-(. I can ping and manage (https) DFL-800 from that IP.
I've tried wallwatcher and syslog watcher 2 without success, adding a Log and Event receiver:
Name      Type      IPAddress      Port      Comments
 dfl-rsyslog    Syslog Receiver     192.168.0.101    514    

And I've even tried D-LINK example: How_to_log_visited_web_sites.pdf and no messages appeared on the server.

Any help is appreciated.

Thank you
Sorry about my english.

[danilovav]

You're talking about different things.

I think, document you saw is about using service with HTTP ALG - if you enable its logging, you'll see visited URLs.

But, your rules is WAN > LAN (SAT) and without ALG.

So, what you have and what you want to get as result?

[obeiro]

Hi,

Thank you for your answer.

First I was trying to show our scenario. Once you know how it is set up our network, I tried to explain my problem (no remote logging in my syslog server). I've just said I've used a working example (HTTP ALG) to check if it was something related with my setup.

WHAT I WANT
I want to get syslog data of incoming traffic on a Syslog remote server at 192.168.0.101

WHAT I GOT

INET ---- DFL-800 ---- Linux router ---- LAN (Syslog Server)

[danilovav]

So...

1) Add static route for 192.168.0.0/24 to LAN

2) Make "allow" rules on Linux router to allow DFL > Syslog server traffic

[obeiro]

I didn't realise about the fact that traffic from DFL "needed to know" how to reach our internal LAN. The static route was the answer, and then forwarding 514 UDP syslog packets to the right server solved the issue.

I've got lots of new questions, but I guess it's better make them one by one on new threads.

Thank you.