Configure Network Device - Untangle Firewall
This article provides instruction on how to set up and enable Syslog forwarding on an Untangle firewall
Enable Syslog
- Go to Config > Events > Syslog.
- Enable the "Enable Remote Syslog" option.
- Configure the Syslog connection:
- Enter the IP Address of the RocketAgent running the Firewall Analyzer App
- Keep the default port and protocol (UDP 514)
Create a Syslog Rule
The default rule that is included when you first enable Syslog sends all data in all classes to the remote server. We recommend disabling or deleting the default rule and creating rules that send only the data that you want/need to the RocketAgent.
- Click the Add button. You should get a window similar to the one shown below
- Enter a description for the rule and then click the drop-down menu for Class.
- You can further limit the data sent by adding fields via the Add Field button and selecting the field you want to filter by:
- Click the Add Field button
- Select the Filed you want to filter by and then fill in the rest of the filter conditions similar to below
- Click the Add Field button
- You can also set a threshold on the rule so it only triggers after a certain number of matching events occur:
- Click Done in the bottom-right corner of the window and then click Save in the main window to apply your new rule.
We require you to create Syslog Event Rules for the following Event Classes In Untangle
- VirusFtpEvent
- VirusHttpEvent
- VirusSmtpEvent
- AdminLoginEvent
- IntrusionPreventionLogEvent
- LoginEvent
- WebFilterEvent
- SessionEvent
- OpenVpnEvent
- OpenVpnStatusEvent
- TunnelVpnEvent
- VirtualUserEvent
- IpsecVpnEvent
- TunnelVpnStatusEvent
For a complete list of event classes please visit:
