Hi everyone,
I’m new to rsyslog, and I have spent 2 weeks trying to do this without success.
I have a FortiGate (IP 172.16.0.12) configured to send its logs to a Linux
Ubuntu host (hostname usyslog) using UDP port 6514.
In my last attempt, I just changed a few lines in rsyslog.conf:
module(load="imudp")
input(type="imudp" port="6514")
module(load="ommysql")
$AllowedSender UDP, 172.16.0.12/24
if $fromhost-ip == '172.16.0.12' then
{
action(type="ommysql" server="localhost" db="fortigate_logs" uid="root"
pwd="password")
#action(type="omfile" file="/var/log/fortigate.log")
}
I created the database fortigate_logs and the table SystemEvents.
Using tcpdump, there are packets reaching the server:
11:29:01.683318 IP 172.16.0.12.18367 > usyslog.syslog-tls: Flags [S], seq 3001477916, win 11840, options [mss 2960,sackOK,TS val 360581190 ecr 0,nop,wscale 11], length 0
11:29:01.683357 IP usyslog.syslog-tls > 172.16.0.12.18367: Flags [R.], seq 0, ack 3001477917, win 0, length 0
11:29:12.023428 IP 172.16.0.12.18394 > usyslog.syslog-tls: Flags [S], seq 1897421554, win 11840, options [mss 2960,sackOK,TS val 360582224 ecr 0,nop,wscale 11], length 0
11:29:12.023463 IP usyslog.syslog-tls > 172.16.0.12.18394: Flags [R.], seq 0, ack 1897421555, win 0, length 0
11:29:21.693622 IP 172.16.0.12.7407 > usyslog.syslog-tls: Flags [S], seq 252807957, win 11840, options [mss 2960,sackOK,TS val 360583191 ecr 0,nop,wscale 11], length 0
11:29:21.693662 IP usyslog.syslog-tls > 172.16.0.12.7407: Flags [R.], seq 0, ack 252807958, win 0, length 0
11:29:32.023773 IP 172.16.0.12.16146 > usyslog.syslog-tls: Flags [S], seq 4274163439, win 11840, options [mss 2960,sackOK,TS val 360584224 ecr 0,nop,wscale 11], length 0
No log is written to MariaDB:
mysql> select count(*) from SystemEvents;
+----------+
| count(*) |
+----------+
| 0 |
+----------+
1 row in set (0,01 sec)
What did I miss? What is wrong? Could you help me, please?
Thanks,
João Carlos Garcia
Cel.: (+55 11) 99363 9616
5Wi - Integração e Alta Disponibilidade
Al. Rio negro, 585, Ed Jaçari, cj 13
Barueri, SP, 06454-000
Tel.: (+55 11) 2176 3650
www.5wi.com.br<http://www.5wi.com.br/>
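
Added example, not part of the original post: a small Python check over the tcpdump lines quoted above that separates TCP connection attempts answered with a reset from UDP datagrams, the distinction that decides whether an imudp input can ever receive the traffic. The function names and verdict strings are assumptions made for this example.

```python
import re

# src > dst, then either TCP flags or the literal "UDP" that tcpdump prints for datagrams
LINE = re.compile(r"^\S+ IP (\S+) > (\S+): (?:Flags \[([^\]]+)\]|(UDP))")

# Packet lines copied from the capture in the post (wrapped lines joined).
CAPTURE = """\
11:29:01.683318 IP 172.16.0.12.18367 > usyslog.syslog-tls: Flags [S], seq 3001477916, win 11840, options [mss 2960,sackOK,TS val 360581190 ecr 0,nop,wscale 11], length 0
11:29:01.683357 IP usyslog.syslog-tls > 172.16.0.12.18367: Flags [R.], seq 0, ack 3001477917, win 0, length 0
11:29:12.023428 IP 172.16.0.12.18394 > usyslog.syslog-tls: Flags [S], seq 1897421554, win 11840, options [mss 2960,sackOK,TS val 360582224 ecr 0,nop,wscale 11], length 0
11:29:12.023463 IP usyslog.syslog-tls > 172.16.0.12.18394: Flags [R.], seq 0, ack 1897421555, win 0, length 0
11:29:21.693622 IP 172.16.0.12.7407 > usyslog.syslog-tls: Flags [S], seq 252807957, win 11840, options [mss 2960,sackOK,TS val 360583191 ecr 0,nop,wscale 11], length 0
11:29:21.693662 IP usyslog.syslog-tls > 172.16.0.12.7407: Flags [R.], seq 0, ack 252807958, win 0, length 0
11:29:32.023773 IP 172.16.0.12.16146 > usyslog.syslog-tls: Flags [S], seq 4274163439, win 11840, options [mss 2960,sackOK,TS val 360584224 ecr 0,nop,wscale 11], length 0
"""

def classify(capture):
    """Count TCP SYNs, SYNs answered by a reset, and UDP datagrams."""
    pending = set()  # (client, server) pairs whose SYN has not been answered yet
    counts = {"syn": 0, "refused": 0, "udp": 0}
    for line in capture.splitlines():
        m = LINE.match(line.strip())
        if not m:
            continue
        src, dst, flags, udp = m.groups()
        if udp:
            counts["udp"] += 1
        elif flags == "S":
            counts["syn"] += 1
            pending.add((src, dst))
        elif "R" in flags and (dst, src) in pending:
            # Reset sent back to the client: the TCP connection was refused.
            counts["refused"] += 1
            pending.discard((dst, src))
    return counts

def verdict(counts):
    if counts["udp"]:
        return "udp-arriving"       # datagrams reach the host; a UDP input can see them
    if counts["refused"]:
        return "tcp-refused"        # sender speaks TCP and the host resets every attempt
    if counts["syn"]:
        return "tcp-unanswered"     # SYNs arrive but nothing replies (e.g. dropped)
    return "no-syslog-traffic"

if __name__ == "__main__":
    c = classify(CAPTURE)
    print(c, verdict(c))
```

A "tcp-refused" result means the sender is opening TCP connections and the host is resetting them, so a UDP-only input on the same port number never sees any log data.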