Though the syslog protocol is very common, some customers experience challenges setting it up correctly. This article provides best practices and guidance for installing a syslog proxy, including its configuration in LogPoint.
Why use a syslog proxy?
A syslog server can easily be set up to forward logs, but a very basic forwarding configuration does not propagate the source IP address of the originating device to LogPoint (LogPoint then sees the forwarding server as the source). As a result, some detection rules, dashboards and reports in LogPoint might break.
To work around this issue, a proper syslog proxy server must be implemented so that the device's source IP address is relayed correctly to the LogPoint server.
For the purpose of this article we will use rsyslog, which is part of most Linux distributions. The same configuration steps can be performed on other syslog servers (such as syslog-ng or NXLog Enterprise Edition) but may require a careful review of their technical documentation.
The example above shows the
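The rsyslog configuration below is an added example, not a configuration taken from the article or from LogPoint's documentation. It places the weak setting (plain forwarding, which makes LogPoint see the proxy as the sender) next to a corrected setting that writes the originating device's IP into the relayed message. It assumes the proxy listens on UDP/514, that LogPoint is reachable at 192.0.2.10 (a placeholder documentation address), and that the LogPoint syslog collector is configured to take the device IP from the HOSTNAME field of the relayed message; the file path and the names `LogPointProxyFmt` and `toLogPoint` are arbitrary choices.

```rsyslog
# /etc/rsyslog.d/10-logpoint-proxy.conf (added example; path is arbitrary)
# Assumptions (not from the article): proxy listens on UDP/514, LogPoint is
# reachable at 192.0.2.10 (placeholder), and the LogPoint collector reads the
# originating device IP from the HOSTNAME field of the relayed message.

module(load="imudp")

# --- Weak setting: plain forwarding ----------------------------------------
# This moves the logs, but every packet that reaches LogPoint carries the
# proxy's own IP as its network source, so LogPoint attributes all messages
# to the proxy rather than to the device that produced them.
#
#   *.* @192.0.2.10:514
#
# --- Corrected setting: relay the device's source IP -----------------------
# %fromhost-ip% is the address the proxy received the packet from, i.e. the
# originating device. Writing it into the HOSTNAME position of the RFC 3164
# header lets the receiver recover the real source.
template(name="LogPointProxyFmt" type="string"
         string="<%PRI%>%TIMESTAMP% %fromhost-ip% %syslogtag%%msg%\n")

# Dedicated ruleset: only traffic from the listener below is relayed with the
# proxy template; the proxy's own local logs keep the default rules.
# The queue buffers messages if LogPoint is briefly unreachable, and the
# retry count of -1 keeps retrying instead of silently dropping logs.
ruleset(name="toLogPoint") {
    action(type="omfwd"
           target="192.0.2.10"
           port="514"
           protocol="udp"
           template="LogPointProxyFmt"
           queue.type="linkedList"
           action.resumeRetryCount="-1")
}

input(type="imudp" port="514" ruleset="toLogPoint")
```

Validate the file with `rsyslogd -N1` before restarting the service, then confirm on the LogPoint side that the IP in the hostname field of incoming messages matches the device configured on the collector rather than the proxy's address. Switching `protocol="udp"` to `"tcp"` keeps the same template. If LogPoint is instead expected to see the device IP as the packet's network source, rsyslog's `omudpspoof` output module preserves the original UDP source address; that is a different approach from the message-level relay shown here and needs its own configuration.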