I encountered a problem while doing remote logging with syslog on IPFire. Here is the thing that I have done on IPFire:
- Enter the syslog server IP address for remote logging under Logs -> Log Settings then press save.
Here is the thing that I have done on the Monitoring Station (in this case I use SPLUNK with IP Address 10.10.12.18)
- Add ‘input data’ from port 514
I want to get logs from IPFire to be sent to SPLUNK especially IPS log. In Logs -> IPS Logs, I get the attack information normally. But when I see it through SPLUNK, I didn’t get any information from IPS.
Can anyone help me?