fahmiff

How to add logging from WinIDS to Kiwi Syslog Server

6 posts in this topic

Hello everyone, sorry to bother you. Yesterday i'm following the tutorial "Installing an Apache2 Web Server logging events to a MySQL Database" by Morpheus to my computer using windows 10 and it work. then i'm got confuse how to showing  logging events to kiwi syslog server from the Windows Intrusion Detection System (WinIDS) that i'm already install from tutorial ""Installing an Apache2 Web Server logging events to a MySQL Database" by Morpheus". Can someone give me tutorial how to add that logging event to showing in kiwi syslog server without bothering the existing WinIDS? 

thank you so much. and have a nice day.

 

Share this post


Link to post
Share on other sites

There is already one in the Companion Add-On section..

You might want to try a real free syslog server.

Share this post


Link to post
Share on other sites
3 hours ago, Morpheus said:

There is already one in the Companion Add-On section..

You might want to try a real free syslog server.

Thank you. now im trying to use visual syslog server as you suggested. but 5c8a8d8c5e7de_visualsyslogserver.thumb.PNG.4bad2669a9274063d4166ddef0256a42.PNG

so i follow the tutorial "Installing Logging Events to a Remote Syslog Server" and i got confused on part to test open listening port on remote syslog server because i dont know the ip address and port of the visual syslog seerver. what should i do to know the ip address and port of the remote syslog server?

 

Thank you. And have a nice day.

Share this post


Link to post
Share on other sites

On the PC with VSS go to this URL. The IP address will be displayed and populated in the Remote Address dialog box. Just add port 514 to Port Number dialog box, and left-click 'Check'. This will check to make sure the VSS port is open.

If the port is not open then you will need adjust the firewall to allow TCP/UDP traffic for port 514

Share this post


Link to post
Share on other sites
14 hours ago, Morpheus said:

On the PC with VSS go to this URL. The IP address will be displayed and populated in the Remote Address dialog box. Just add port 514 to Port Number dialog box, and left-click 'Check'. This will check to make sure the VSS port is open.

If the port is not open then you will need adjust the firewall to allow TCP/UDP traffic for port 514

im already open the URL but it show that port 514 is closed

5c8b9de48a7eb_cekport.PNG.721ca1d74075795c3dc182ba135395e5.PNG

so after that i'm adjust my firewall to allow tcp and udp for port 514.

5c8b9e4248df0_tcpvss.PNG.ceccb091ec850bf806c66d9c62ab1930.PNG

but after i check the port forwarding test the port 514 its still closed. what should i do? or i must doing something with the vss?

Thank you so much, and have a nice day.

Share this post


Link to post
Share on other sites

I have updated the tutorial on installing a local Syslog Server. IT was a major revision and has been tested.

2019-03-15_22-25-28.jpg

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!


Register a new account

Sign in

Already have an account? Sign in here.


Sign In Now