Logs to syslog server and local copy

feel-ip
Posts: 3
Joined: Mon Nov 05, 2018 2:37 pm

Logs to syslog server and local copy

Post by feel-ip » Mon Nov 05, 2018 3:03 pm

Does anyone know how to send virtual hub security logs to a remote syslog server while keeping a local copy?

Actually I need a local copy to use with fail2ban in order to block users after 5 authentication failures but I also need to send them to a centralized server.

The problem is that if I set up my VPN server with the Syslog Send Function, all logs are transferred to my syslog without writing anything in /usr/local/vpnserver/security_log/HUBname/sec.log.

Does anyone know how to do this?

fenice
Posts: 183
Joined: Sun Jul 19, 2015 4:23 pm

Re: Logs to syslog server and local copy

Post by fenice » Mon Nov 05, 2018 3:05 pm

Does your syslog server not have a 'client' available to forward your log files?
Regards


Bill

feel-ip
Posts: 3
Joined: Mon Nov 05, 2018 2:37 pm

Re: Logs to syslog server and local copy

Post by feel-ip » Mon Nov 05, 2018 3:18 pm

fenice wrote (Mon Nov 05, 2018 3:05 pm):
> Does your syslog server not have a 'client' available to forward your log files?

My syslog server is configured to receive messages from my VPN server and it works perfectly.
But I also need to write logs to the local disk (/usr/local/vpnserver/security_log/HUBname/sec.log) because it's used by Fail2ban.

This option is not available in the Server Manager.

To summarize, I need to transfer the Hub security logs to my syslog while keeping a copy in /usr/local/vpnserver/security_log/HUBname/sec.log

fenice
Posts: 183
Joined: Sun Jul 19, 2015 4:23 pm

Re: Logs to syslog server and local copy

Post by fenice » Mon Nov 05, 2018 3:25 pm

That doesn't really answer the question I asked, so I'll assume it's a 'no'. I use Splunk as a syslog server and it has a client (as does Elasticsearch) that will forward the logs to the server for future consumption and leave the original log file on the SoftEtherVPN server (i.e. the syslog client). Unfortunately I can't give you a definitive answer to your question, but it might get you a response if you raised this on GitHub as an enhancement request.
Regards


Bill

feel-ip
Posts: 3
Joined: Mon Nov 05, 2018 2:37 pm

Re: Logs to syslog server and local copy

Post by feel-ip » Mon Nov 05, 2018 3:49 pm

fenice wrote (Mon Nov 05, 2018 3:25 pm):
> That doesn't really answer the question I asked, so I'll assume it's a 'no'. I use Splunk as a syslog server and it has a client (as does Elasticsearch) that will forward the logs to the server for future consumption and leave the original log file on the SoftEtherVPN server (i.e. the syslog client). Unfortunately I can't give you a definitive answer to your question, but it might get you a response if you raised this on GitHub as an enhancement request.

We use Elasticsearch and you're right, there is no agent installed on the server.

I thought I could do this by modifying the VPN server main configuration and rsyslog.

But I think that your solution of using an agent on the server would be the best.

fenice
Posts: 183
Joined: Sun Jul 19, 2015 4:23 pm

Re: Logs to syslog server and local copy

Post by fenice » Mon Nov 05, 2018 4:04 pm

That's good news as I tend to prefer a client but I can see that someone might prefer to have the local log & remote syslog as an option. Anyway, it's good you have a solution. :)
Regards


Bill
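
The agent approach agreed on in this thread can also be done with rsyslog, which feel-ip mentions: SoftEther keeps writing the hub security log to disk (Syslog Send Function off), Fail2ban reads that file, and rsyslog tails the same file and forwards each line. This is an added example, not configuration posted by either participant; the drop-in file name, the `syslog.example.org` target, the tag, the facility and the ruleset/queue names are assumptions.

```conf
# /etc/rsyslog.d/30-softether-sec.conf   (hypothetical drop-in file name)
# Tail the hub security log that SoftEther writes locally and forward a copy
# to the central syslog server. The file itself is left untouched, so
# Fail2ban can keep reading it.

module(load="imfile")              # file-tailing input module

# Forwarding rules used only for lines read from the SoftEther log.
ruleset(name="softether_forward") {
    action(type="omfwd"
           target="syslog.example.org"      # placeholder: central syslog host
           port="514"
           protocol="tcp"
           # Disk-assisted queue: buffer lines while the server is unreachable
           # instead of dropping them. Needs a global workDirectory to be set.
           queue.type="LinkedList"
           queue.filename="softether_fwd"   # assumed spool file prefix
           queue.saveOnShutdown="on"
           action.resumeRetryCount="-1")    # retry until the server is back
}

# Path as given in the thread; replace HUBname with the real hub name.
input(type="imfile"
      File="/usr/local/vpnserver/security_log/HUBname/sec.log"
      Tag="softether-sec:"         # assumed tag, used to filter on the server
      Severity="info"
      Facility="local6"            # assumed facility
      ruleset="softether_forward") # keep these lines out of the local syslog files
```

The rsyslog service account needs read access to the log file, and `rsyslogd -N1` checks the configuration syntax before the service is restarted.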
