How to configure the syslog logs of the security equipment to directly send to Security Onion?

[tanghong990208]

Version

2.4.190

Installation Method

Security Onion ISO image

Description

configuration

Installation Type

Import

Location

on-prem with Internet access

Hardware Specs

Exceeds minimum requirements

CPU

32

RAM

24

Storage for /

500g

Storage for /nsm

200

Network Traffic Collection

span port

Network Traffic Speeds

Less than 1Gbps

Status

Yes, all services on all nodes are running OK

Salt Status

No, there are no failures

Logs

No, there are no additional clues

Detail

How to configure the syslog logs of the security equipment to be directly sent to Security Onion? My Security Onion is deployed on 172.16.20.135. There are many network security devices in the internal network. I want the syslog logs to be sent to Security Onion for monitoring.

Guidelines

• I have read the discussion guidelines at Read before posting! #1720 and assert that I have followed the guidelines.

[reyesj2]

If that config is sending syslog out to the Security Onion box on 514 you need to configure the Security Onion firewall to accept those logs. By adding the ip address of this WAF to the syslog hostgroup https://docs.securityonion.net/en/2.4/syslog.html#syslog