Paessler PRTG set up as syslog server for Securepoint UTM
Last adaption: 08.2022
New:
  • Reference to unencrypted transmission
This article refers to a Resellerpreview

Foreword

Syslog data from the UTM can be captured with third-party solutions.
Shown here is the example of PRTG from Paessler.

Since syslog is transmitted unencrypted, a VPN tunnel should always be used when connecting over the internet.

Requirement

PRTG requires its own sender email address to send status emails.
If the syslog server running PRTG is not located within your own mail infrastructure, its mails may be rejected (fake sender) even if the UTM is configured correctly.
A possible workaround is, for example, an Allow-List mail filter rule for a monitoring mail address, or adding the server to the allowed mail server IPs.


Preliminary configuration on the UTM

Syslog settings

This is where the connection of the UTM to a syslog server (syslogd) is configured.

Caption | Value | Description
Log the UTM hostname in the syslog messages: | No | If set to Yes, the hostname is transmitted as well.

Syslog-Server

Add Syslog Server

IP / Hostname: | syslog.ttt-point.de | IP address or host name of the syslog server.
Note: If more than one IP address is assigned to the hostname (Round Robin DNS), the syslog messages may be sent to a different server each time the service is restarted. In addition, you are no longer protected against DNS spoofing. Make sure that only one address is assigned to the hostname.
Port: | 514 | Default port for syslog messages.
Protocol: | udp | Default protocol for syslog messages. Alternatively, tcp can be selected here.
  • PRTG requires udp as protocol for syslog
  • The Securepoint appliance uses an rfc5424-based protocol format. Alternatively, the following template can be used for syslog servers. This template is automatically recognized by some syslog servers, but must be entered manually for others.

    template rfc5424_and_116_compat_format {template("<${PRI}>1 ${ISODATE} - ${PROGRAM} $(or ${PID} '-') - - ${MSG}\n");};
    <${PRI}>1 ${ISODATE} - ${PROGRAM} $(or ${PID} '-') - - ${MSG}\n
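
Added example (not part of the original article and not Securepoint or Paessler code): a Python parser for messages in the template format above, for checking that a receiver splits the fields as expected. The function name parse_utm_syslog and the sample lines are assumptions constructed for illustration.

```python
import re
from datetime import datetime

# Standard syslog facility and severity names (RFC 5424, section 6.2.1).
FACILITIES = ("kern user mail daemon auth syslog lpr news uucp cron authpriv "
              "ftp ntp audit alert clock local0 local1 local2 local3 local4 "
              "local5 local6 local7").split()
SEVERITIES = "emerg alert crit err warning notice info debug".split()

# Field order of the template: <PRI>1 ISODATE - PROGRAM PID|- - - MSG
LINE_RE = re.compile(
    r"<(?P<pri>\d{1,3})>1 (?P<ts>\S+) (?P<host>\S+) "
    r"(?P<program>\S+) (?P<pid>\S+) - - (?P<msg>.*)", re.DOTALL)


def parse_utm_syslog(line):
    """Return the fields of one message as a dict, or None if it does not match."""
    m = LINE_RE.fullmatch(line.rstrip("\r\n"))
    if m is None:
        return None
    pri = int(m["pri"])
    if pri > 191:  # highest valid PRI: facility 23 * 8 + severity 7
        return None
    try:
        timestamp = datetime.fromisoformat(m["ts"])
    except ValueError:
        return None
    def nil(value):  # "-" is the RFC 5424 NILVALUE
        return None if value == "-" else value
    return {
        "facility": FACILITIES[pri // 8],
        "severity": SEVERITIES[pri % 8],
        "timestamp": timestamp,
        "host": nil(m["host"]),  # the template always sends "-" here
        "program": m["program"],
        "pid": nil(m["pid"]),
        "message": m["msg"],
    }

# Constructed sample lines, not captured from a real UTM.
SAMPLES = [
    "<134>1 2022-08-15T10:30:00+02:00 - sshd 4711 - - Accepted publickey for admin\n",
    "<28>1 2022-08-15T10:30:05+02:00 - fwlog - - - DROP in=eth0 proto=udp dpt=514\n",
    "<134>Aug 15 10:30:00 fw sshd[4711]: legacy BSD-style line\n",
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(parse_utm_syslog(sample))
```

The third sample is an older BSD-style line and is rejected, which is how a receiver that expects only the template format would treat it.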




Configuration PRTG network monitor

  • Select the devices menu in the dashboard
  • Find IP address of the UTM and select Add sensor
  • Select syslog sensor
  • Configure and create syslog sensor
  • Fully configured sensor provides live data from the UTM

Select menu Devices.

In the tree menu: Main Group - Local Probe - Network Scan - Network Infrastructure, in the entry with the firewall IP address, click Add sensor.

  • Enter syslog in the search and click on the tile Syslog receiver
  • If necessary, adjust the log length at the item Delete messages after.
  • Add sensor with the button Create

Fully configured sensor: Syslog provides live data of the UTM