RE: [logs] Contivity WAN Logging problem

From: Harris, John P (John.Harrisat_private)
Date: Fri Apr 26 2002 - 05:38:55 PDT

    Hmmm, we've never tried to syslog to that side but let me provide some
    opinion on what might be causing the problem and some possible solutions.
    
    First, check the routing on the Contivity. Make sure it knows specifically
    that the syslog server is on that side. You may have to add a static route
    to that machine pointing outside. Chances are that this is not the problem,
    although I'd start here in case what I think happens on the Contivity
    actually does not (see below).  :-)
    
    The Contivity is set up to allow only incoming/outgoing traffic related to
    tunnels through the external (WAN in your case) interface. All of its
    management related activities (DNS, syslog, NTP, etc.) occur through the
    management interface which is the second IP address bound to the internal
    (LAN in your case) interface. This means it will always look out that
    interface for these services. Or at least this is the understanding I have
    of the services on the Contivities. They do provide choices of internal
    firewall software you can run on these boxes that would allow you to make an
    internal NAT or passthrough of the external syslog server so the management
    interface could communicate with that address. Otherwise you would have to
    push the syslog to some other firewall server to allow it through to the
    external syslog server. 
    
    On some of the services they have put in the ability to choose the interface
    that communicates with that service (LDAP for example), but that is not the
    case with syslog. Maybe you should contact Nortel and put in a feature
    request (no comment).  :-)
    
    I hope this helps.
    
    
    
    John P. Harris Jr.  SANS GSEC
    Engineering Solutions & Tech Competencies 
    EDS Northeast Region I.Solutions 
    Phone: (716) 231-0986 
    Fax: (716) 231-0232 
    E-Mail: John.Harrisat_private
    Buick Club of America # 37854
    
    
    -----Original Message-----
    From: Tina Bird [mailto:tbird@precision-guesswork.com]
    Sent: Thursday, April 25, 2002 8:38 PM
    To: Log Analysis Mailing List
    Cc: cgrippat_private
    Subject: [logs] Contivity WAN Logging problem
    
    
    Anyone have any ideas about this?
    
    > On Thu, 25 Apr 2002, Christopher Gripp wrote:
    > 
    > > Anyone know of a way to get a Contivity to Syslog to an IP on its WAN?  I.e.
    > > 
    > > Syslog Server-------[WAN]Contivity[LAN]---------LAN
    > > 
    > > 
    > > I get syslog all day long on the LAN side.
    > > 
    > > Christopher Gripp 
    > > Systems Engineer 
    > > Axcelerant
    
    
    ---------------------------------------------------------------------
    To unsubscribe, e-mail: loganalysis-unsubscribeat_private
    For additional commands, e-mail: loganalysis-helpat_private
    
    



    This archive was generated by hypermail 2b30 : Fri Apr 26 2002 - 07:30:15 PDT