RE: Publish a Syslog server to a border router

  • From: Lloyd@xxxxxxxxxxx
  • To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
  • Date: Sun, 26 May 2002 14:23:59 -0500

David,
thanks for your quick answer. I have gone back and verified my configs
based on your info and find them to be the same, other than you using Kiwi
and I am using Linux Syslog. But both are talking on UDP 514. Here is an
output of my log file.

#Software: Microsoft(R) Internet Security and Acceleration Server 2000
#Version: 1.0
#Date: 2002-05-26 18:56:33
#Fields: date   time    source-ip       destination-ip  protocol param#1 param#2 filter-rule     interface
2002-05-26      18:59:55        4.1.1.2         192.168.50.3    Udp 7126 514     BLOCKED         110.10.10.2
2002-05-26      19:02:09        4.1.1.2         192.168.50.3    Udp 7126 514     BLOCKED         110.10.10.2
2002-05-26      19:04:21        4.1.1.2         192.168.50.3    Udp 7126 514     BLOCKED         110.10.10.2
                                border router   syslog server                                    external ISA interface

I generated these entries by going into global config mode on the router
and then doing a ctrl+Z to exit, which generates a message on the router
that never gets to the Syslog server because ISA is blocking it, as seen in
the logs. I have a client set that includes both the S0 and E0 interfaces
of the border router. I have a protocol definition set up as you described,
UDP 514 Receive only. I have a publishing rule that includes the external
address of the ISA server 110.10.10.2 and the internal address of the
Syslog server 192.168.50.3.  Seems to me this ought to work but obviously
I am overlooking something?
LA
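
Added example, not part of the original post: a small parser for the ISA packet-filter log format quoted above that pulls out the blocked UDP 514 packets and groups them by source, destination and receiving interface, so the destination address on the dropped packets can be compared with the address in the publishing rule. It assumes param#2 is the destination port for UDP records; the function names and the fourth sample record are constructed for illustration.

```python
from collections import Counter

# Constructed sample: the three records from the post with wrapped lines
# rejoined, plus one constructed non-syslog record to exercise the filter.
SAMPLE_LOG = """\
#Software: Microsoft(R) Internet Security and Acceleration Server 2000
#Version: 1.0
#Fields: date time source-ip destination-ip protocol param#1 param#2 filter-rule interface
2002-05-26 18:59:55 4.1.1.2 192.168.50.3 Udp 7126 514 BLOCKED 110.10.10.2
2002-05-26 19:02:09 4.1.1.2 192.168.50.3 Udp 7126 514 BLOCKED 110.10.10.2
2002-05-26 19:04:21 4.1.1.2 192.168.50.3 Udp 7126 514 BLOCKED 110.10.10.2
2002-05-26 19:05:00 4.1.1.2 110.10.10.2 Tcp 1044 23 BLOCKED 110.10.10.2
"""

def parse_records(text):
    """Yield one dict per record, keyed by the names in the #Fields directive."""
    fields = []
    for line in text.splitlines():
        if line.startswith("#Fields:"):
            fields = line[len("#Fields:"):].split()
        elif line.startswith("#") or not line.strip():
            continue  # other directives and blank lines carry no records
        else:
            values = line.split()
            if fields and len(values) == len(fields):  # skip malformed rows
                yield dict(zip(fields, values))

def blocked_udp(records, port="514"):
    """Keep BLOCKED UDP records whose param#2 (assumed dest port) matches."""
    return [r for r in records
            if r["protocol"].lower() == "udp"
            and r["param#2"] == port
            and r["filter-rule"].upper() == "BLOCKED"]

def summarize(records):
    """Count drops per (source, destination, receiving interface)."""
    return Counter((r["source-ip"], r["destination-ip"], r["interface"])
                   for r in records)

if __name__ == "__main__":
    drops = blocked_udp(parse_records(SAMPLE_LOG))
    for (src, dst, iface), n in summarize(drops).items():
        print(f"{n} blocked UDP/514 packets {src} -> {dst} on {iface}")
```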
