Data Center: Add EdgeRouter logs to Security Onion

By | July 28, 2016

After setting up Security Onion as my home data center IDS (see https://blog.voina.org/data-center-ids-solution-using-security-onion/), I started integrating the monitoring of other resources into it. The first idea was to add monitoring of my EdgeMax routers.
Security Onion has a syslog-ng service that can receive syslog data from clients. We can then visualize this data in Elsa and search it much more easily.

STEP 1: Redirect EdgeMax based router log to Security Onion

On the EdgeRouter, start the CLI and execute:

Where 192.168.2.124 is the IP of the Security Onion management interface.

STEP 2: Allow access to syslog

On the Security Onion VM, run so-allow in a shell and add access for 192.168.2.1, my EdgeRouter POE:

STEP 3: Start Elsa and check the log entries

Start Elsa from the Security Onion VM and look under Host Logs.
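If nothing from the router shows up in Elsa, one marked test message helps separate a receiving-side problem (firewall rule, syslog-ng) from a router-side one. The script below is an added example, not part of the original post: it builds a single RFC 3164 syslog datagram and sends it to the Security Onion management IP, returning a marker string to search for in Elsa. It assumes syslog over UDP port 514 and that the sending host's IP has also been allowed with so-allow; the tag, hostname default and marker format are made up for illustration.

```python
import socket
import uuid
from datetime import datetime

SO_MGMT_IP = "192.168.2.124"  # Security Onion management interface (from the post)
SYSLOG_PORT = 514             # assumption: default syslog port, UDP transport

FACILITY_USER = 1             # RFC 3164 facility "user-level messages"
SEVERITY_NOTICE = 5           # RFC 3164 severity "notice"


def build_syslog(msg, tag="so-test", hostname="testhost",
                 facility=FACILITY_USER, severity=SEVERITY_NOTICE, ts=None):
    """Return one RFC 3164 (BSD syslog) datagram as bytes."""
    if not (0 <= facility <= 23 and 0 <= severity <= 7):
        raise ValueError("facility must be 0-23 and severity 0-7")
    ts = ts or datetime.now()
    pri = facility * 8 + severity                         # PRI = facility*8 + severity
    stamp = f"{ts:%b} {ts.day:2d} {ts:%H:%M:%S}"          # day of month is space-padded
    packet = f"<{pri}>{stamp} {hostname} {tag}: {msg}".encode("ascii", "replace")
    return packet[:1024]                                  # RFC 3164 caps a packet at 1024 bytes


def send_test(dest=SO_MGMT_IP, port=SYSLOG_PORT):
    """Send one marked message and return the marker to search for."""
    marker = "sotest-" + uuid.uuid4().hex[:12]            # constructed, unique per run
    host = socket.gethostname().split(".")[0] or "testhost"
    packet = build_syslog(f"syslog path check {marker}", hostname=host)
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        sock.sendto(packet, (dest, port))                 # UDP: no delivery confirmation
    return marker


if __name__ == "__main__":
    print("sent; search Elsa for:", send_test())
```

Because UDP gives no acknowledgement, a successful send only proves the packet left the host; the marker appearing in Elsa is the actual confirmation.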
