Forum Discussion
Qusai_Ismail
Feb 07, 2023
Brass Contributor
Duplicate logs of CEF with Syslog
Hello, is there a way to remove the duplication of CommonSecurity and Syslog when the log collector server is configured to forward CEF and Syslog? For example, F5 WAF firewall sending Syslog with CEF fo...
Qusai_Ismail
Jun 05, 2023
Brass Contributor
Unfortunately, it got overwritten by the Sentinel configuration.
omryma
Jun 13, 2023
Copper Contributor
I got a solution that worked for me:
I've created a separate machine used only for CEF logs. On that machine, just make an iptables rule that blocks port 25224.
sudo iptables -A INPUT -p udp --dport 25224 -j DROP
sudo iptables -A OUTPUT -p udp --dport 25224 -j DROP
Qusai_Ismail
Jun 14, 2023
Brass Contributor
Thank you, I will try this.
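An idempotent form of the two DROP rules from the reply above, added here as an example and not part of the original thread: `iptables -A` appends a new copy of the rule every time it is run, so this checks with `iptables -C` first. The function names, the `IPTABLES` override variable and the `apply` argument are assumptions made for this sketch.

```shell
#!/bin/sh
# Added example (not from the thread): apply the UDP 25224 DROP rules once only.
# IPTABLES is an assumed override so the logic can be exercised with a stub.
IPTABLES="${IPTABLES:-iptables}"
PORT=25224   # port named in the post

# Append a DROP rule for UDP $PORT to chain $1 unless it is already there.
# Prints "present" or "added"; returns non-zero if the append fails.
ensure_drop_rule() {
    if "$IPTABLES" -C "$1" -p udp --dport "$PORT" -j DROP 2>/dev/null; then
        echo "present"
    else
        "$IPTABLES" -A "$1" -p udp --dport "$PORT" -j DROP && echo "added"
    fi
}

# Apply to both chains used in the post and report the state of each.
block_port() {
    for chain in INPUT OUTPUT; do
        state=$(ensure_drop_rule "$chain") || return 1
        echo "$chain: $state"
    done
}

# Only touch the firewall when called as: sudo sh thisfile.sh apply
if [ "${1:-}" = "apply" ]; then
    block_port
fi
```

Rules added this way live in the running kernel only; they are gone after a reboot unless saved with the distribution's persistence mechanism.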