syslogs sent to external SIEM monitor, logs not being sent
WG M370 v12.4.1; wsm/fsm 12.5.3
In Logging Setup, under Syslog Server > (checked) Send Log messages to these Syslog servers:
I have the IP address and Port of the SIEM server; log format "Syslog".
My old XTM 515 sent the logs with this setup, my M370 doesn't seem to be sending the logs. (Per the SIEM monitors)
Should I be able to see the logs being sent in the 'Traffic Monitor' if I sort by the Syslog Server IP?
Only if you have selected "Enable logging for traffic sent from this device" in Diagnostic Logging in Policy Manager or in Logging in the Web UI.
Yes, that has been selected.
Syslog is plain text, so you can verify it via packet capture.
In Firebox System Manager, assuming your syslog server is on eth1, something like
-i eth1 host 192.168.10.100 and port 514
Should capture the syslog traffic, and you can read it in something like Wireshark, and verify if it's even happening. Syslog is UDP, so it's basically just sent with no verification.
WatchGuard Customer Support
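Because UDP syslog is sent with no verification, the capture on the firewall can be paired with a check on the receiving host. The following is an added example, not part of the original thread and not WatchGuard code: a small listener that counts datagrams from one sender and decodes the syslog PRI header. The function names, the sample datagram and the loopback addresses are assumptions made for the illustration.

```python
import re
import socket
import time

FACILITIES = ("kern user mail daemon auth syslog lpr news uucp cron authpriv ftp "
              "ntp audit alert clock local0 local1 local2 local3 local4 local5 "
              "local6 local7").split()
SEVERITIES = "emerg alert crit err warning notice info debug".split()
PRI_RE = re.compile(rb"<(\d{1,3})>")
# Constructed sample datagram (not a real Firebox log line): PRI 134 = local0.info
SAMPLE = b"<134>Jan  1 00:00:00 firebox-example constructed test message"

def parse_pri(datagram):
    """Return (facility, severity, rest), or None if the PRI header is missing or invalid."""
    m = PRI_RE.match(datagram)
    if not m or int(m.group(1)) > 191:  # facility 23, severity 7 is the highest valid PRI
        return None
    pri = int(m.group(1))
    rest = datagram[m.end():].decode("utf-8", errors="replace")
    return FACILITIES[pri >> 3], SEVERITIES[pri & 7], rest

def open_listener(bind_ip, port):
    """Bind a UDP socket; port 0 picks a free port, 514 usually needs privileges."""
    sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    sock.bind((bind_ip, port))
    return sock

def collect(sock, sender_ip, seconds):
    """Listen for `seconds`; return (parsed datagrams from sender_ip, other sender IPs)."""
    from_sender, others = [], set()
    deadline = time.monotonic() + seconds
    while (left := deadline - time.monotonic()) > 0:
        sock.settimeout(left)
        try:
            data, (ip, _port) = sock.recvfrom(65535)
        except socket.timeout:
            break
        if ip == sender_ip:
            from_sender.append(parse_pri(data))
        else:
            others.add(ip)
    return from_sender, others

if __name__ == "__main__":
    # Loopback self-check. On the real collector, bind to its syslog port and
    # pass the firewall's IP as sender_ip instead.
    rx = open_listener("127.0.0.1", 0)
    tx = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    tx.sendto(SAMPLE, rx.getsockname())
    print(collect(rx, "127.0.0.1", 0.5))
```

If the capture on the firewall shows datagrams leaving but this listener sees none from that address, the loss is somewhere between the two hosts or in the collector's own host firewall.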