RE: Publish a Syslog server to a border router

• From: "David Elmquist" <david@xxxxxxxxxx>
• To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
• Date: Sun, 26 May 2002 22:59:50 +0200

 
Could you describe you client set in detail ?  I assume 4.1.1.2 is your
E0. 
For troubleshooting, you could drop the clientset from your
publishing-rule and see if that
Gets you anywhere. 
 
 David Elmquist
 
 
 
-----Original Message-----
From: Lloyd@xxxxxxxxxxx [mailto:Lloyd@xxxxxxxxxxx] 
Sent: 26. maj 2002 22:37
To: [ISAserver.org Discussion List]
Subject: [isalist] RE: Publish a Syslog server to a border router
 
http://www.ISAserver.org 
David,
thanks for your quick answer. I have gone back and verified my configs 
based on your info and find them to the same other than you using kiwi
and 
I am using Linux Syslog. But both are talking on UDP 514. Here is an 
output of my log file. 

#Software: Microsoft(R) Internet Security and Acceleration Server 2000
#Version: 1.0
#Date: 2002-05-26 18:56:33
#Fields: date   time    source-ip       destination-ip  protocol param#1
param#2 filter-rule     interface
2002-05-26   18:59:55        4.1.1.2         192.168.50.3    Udp
7126   514     BLOCKED         110.10.10.2
2002-05-26   19:02:09   4.1.1.2         192.168.50.3    Udp         7126
514     BLOCKED         110.10.10.2
2002-05-26   19:04:21   4.1.1.2         192.168.50.3    Udp         7126
514     BLOCKED         110.10.10.2
                       border router   syslog server
external ISA interface

I generated these entries by going into global config mode on the router

and then doing a ctrl+Z to exit which generates a message on the router 
that never gets to the Syslog server because ISA is blocking it as seen
it 
the logs. I have a client set that includes both the S0 and E0
interfaces 
of the border router. I have a protocol definition set up as you
described 
UDP 514 Receive only. I have a publishing rule that includes the
external 
address of the ISA server 110.10.10.2 and the internal address of the 
Syslog server 192.168.50.3.  Seems to me this ought to work but
obviously 
I am overlooking something? 
LA ------------------------------------------------------ You are
currently subscribed to this ISAserver.org Discussion List as:
david@xxxxxxxxxx To unsubscribe send a blank email to
$subst('Email.Unsub')

Other related posts:

• » Publish a Syslog server to a border router
• » RE: Publish a Syslog server to a border router
• » RE: Publish a Syslog server to a border router
• » RE: Publish a Syslog server to a border router
• » RE: Publish a Syslog server to a border router
• » RE: Publish a Syslog server to a border router
• » RE: Publish a Syslog server to a border router
• » RE: Publish a Syslog server to a border router
• » RE: Publish a Syslog server to a border router
• » RE: Publish a Syslog server to a border router
• » RE: Publish a Syslog server to a border router
• » RE: Publish a Syslog server to a border router

1. Home
2. isalist
3. Archive
4. 05-2002

---

• » Previous by Date
• » Next by Date
• » Related Posts
• » View list details
• » Manage your subscription

---