I'm currently forwarding traffic logs from Palo Alto firewalls and Panorama to the Expedition server. I verified with tcpdump that the Expedition server receives the syslogs. Expedition is up to date.
I modified the configuration files in "/var/www/html/OS/rsyslog" like described in the "Expedition Log Analysis Guide v1.0".
I also changed the user permission for the folder like described in the "Expedition Log Analysis Guide v1.0".
But I don't see any created traffic log files for analysis.
I also restarted the rsyslog daemon multiple times without any result.
Do you have any idea or something that I should check to solve this problem?
Maybe the local Firewall?
sudo /usr/bin/firewall-cmd --permanent --add-port=514/udp
sudo /usr/bin/firewall-cmd --permanent --add-port=514/tcp
sudo /usr/bin/firewall-cmd --reload   # --permanent rules only take effect after a reload
Thanks for the help, but it didn't fix my problem. I checked the server once again and the syslog messages are coming to the server, but they appear in the folder /var/log in the files syslog and syslog.1. Usually they should be in /data, as configured in my rsyslog.default-tcpudp.conf file.
So it seems that my server uses the wrong configuration file for rsyslog.
Does someone know where I can verify which configuration file is used by rsyslog?
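One way to answer that last question offline, as an added example that is not part of this thread and not Expedition's own tooling: rsyslogd reads /etc/rsyslog.conf unless it was started with -f, and from there it only loads files reached through $IncludeConfig (legacy syntax) or include(file="...") (RainerScript) directives. The two functions below take the daemon's command line and a main config path and print the main config actually in use and every included file, so you can see whether the files under /var/www/html/OS/rsyslog are referenced at all. The sample config tree in the usage note is constructed for illustration; the directive names are real rsyslog syntax. Paths containing spaces are not handled.

```shell
#!/bin/sh
# Added example (not from the thread): trace which configuration files rsyslog loads.

# Given rsyslogd's argument list (e.g. from: ps -o args= -C rsyslogd),
# print the main config file in use: the -f value, or the default.
rsyslog_main_conf() {
    set -- $1                       # split the argument string into words
    while [ $# -gt 0 ]; do
        case "$1" in
            -f)  shift; echo "$1"; return 0 ;;   # "-f /path"
            -f*) echo "${1#-f}";   return 0 ;;   # "-f/path"
        esac
        shift
    done
    echo /etc/rsyslog.conf
}

# Recursively print every file pulled in by include directives of $1.
# Handles:  $IncludeConfig /etc/rsyslog.d/*.conf
#           include(file="/etc/rsyslog.d/*.conf" mode="optional")
rsyslog_includes() {
    [ -r "$1" ] || return 0
    grep -E '^[[:space:]]*(\$IncludeConfig[[:space:]]+|include\(.*file=")' "$1" 2>/dev/null |
    sed -E 's/^[[:space:]]*\$IncludeConfig[[:space:]]+//; s/^[[:space:]]*include\(.*file="([^"]*)".*$/\1/' |
    while read -r pattern; do
        for f in $pattern; do      # unquoted on purpose: expand the glob
            [ -e "$f" ] || continue
            if [ -d "$f" ]; then   # a directory include loads every file in it
                for g in "$f"/*; do
                    [ -f "$g" ] && { echo "$g"; rsyslog_includes "$g"; }
                done
            else
                echo "$f"
                rsyslog_includes "$f"
            fi
        done
    done
}

# Live usage on the Expedition host (not run here):
#   main=$(rsyslog_main_conf "$(ps -o args= -C rsyslogd)")
#   echo "main config: $main"; rsyslog_includes "$main"
#   rsyslogd -N1            # parse-check the config rsyslog would load
```

If the list never reaches the Expedition configuration files, rsyslog is not loading them, which matches messages landing in /var/log/syslog via the distribution's default rules rather than in /data. Checking `rsyslogd -N1` afterwards confirms the files it does load also parse cleanly.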