I tried searching for an answer this and couldn't find anything, so here goes:
I am trying to setup syslogd (sysklogd to be exact) to send out snort logs to a remote IDS box for filtering, etc.
In /etc/syslog.con I added the following entry:
Code:
auth.* @XX.XX.XX.XX
where XX.XX.XX.XX is the remote machine I need to send the logs to.
On the local box I have two interfaces: eth1 with IP 10.10.10.1 This interface is not routable on our network, but it is setup as a spanned port on a managed switch to act as a passive sniffer. eth0 has IP 172.16.45.254, which is on our local admin LAN and has access to XX.XX.XX.XX.
I also added the following route:
Code:
route add XX.XX.XX.XX dev eth0
When I perform a traceroute XX.XX.XX.XX it does what I assume it should, it goes out 172.16.45.2 (the gateway for the admin lan). However, the remote machine is not receiving any syslogs. When I goto the console and pull up ethereal, performa a scan on eth1, all of the UDP syslog packets are being sent out that interface, instead of eth0, which it desperately needs to go out.
If anyone can help me out with this it would be greatly appreciated.
Update:
I decided to reboot the server. When everything came back up and snort was started, I took a look at ethereal. Now syslog packets from the local machine are being sent out both interfaces. If I need to post screenshots, please let me know.