Syslog Director port redirection from 514 to 10514 is missing in SSIM 4.7.4 installation.

Article ID: 156372

Products

Security Information Manager

Issue/Introduction

You run the command iptables -L on your SSIM and do not see the syslog redirector rule that redirects traffic to port 10514. When you add the rules manually using the following commands, they disappear after a reboot:
iptables -t nat -A PREROUTING -p UDP -m udp --dport 514 -j REDIRECT --to-ports 10514
iptables -t nat -A PREROUTING -p tcp -m tcp --dport 514 -j REDIRECT --to-ports 10514
iptables-save

Cause

The iptables rules are stored in /etc/sysconfig/iptables. This file contains the rules that are loaded during bootup.

The rules disappeared after the reboot because they were not saved to this file.

Resolution

You need to add the rules using the following commands:

iptables -t nat -A PREROUTING -p UDP -m udp --dport 514 -j REDIRECT --to-ports 10514
iptables -t nat -A PREROUTING -p tcp -m tcp --dport 514 -j REDIRECT --to-ports 10514
iptables-save

Then redirect the output of iptables-save into /etc/sysconfig/iptables:

iptables-save > /etc/sysconfig/iptables

Alternatively, you can copy the iptables file from /etc/sysconfig on any other working SSIM that already has the rules for the syslog redirect.
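
To confirm that both redirect rules were actually written to the saved rules file before rebooting, the following added example (not part of the original article) parses a file in iptables-save format and reports which protocol's 514 to 10514 redirect is missing from the nat table's PREROUTING chain. The function names missing_redirects and sample_rules are hypothetical, and the sample rules file is constructed for illustration.

```shell
#!/bin/sh
# Added example: report which syslog redirect rules (514 -> 10514) are
# missing from a rules file in iptables-save format.

# missing_redirects FILE: prints "udp" and/or "tcp" for each missing rule;
# prints nothing when both are present in the nat table's PREROUTING chain.
missing_redirects() {
    awk '
        /^\*/     { table = substr($0, 2) }   # table header: "*nat", "*filter"
        /^COMMIT/ { table = "" }              # end of the current table
        table == "nat" && $1 == "-A" && $2 == "PREROUTING" {
            proto = ""; dport = ""; target = ""; to = ""
            for (i = 3; i < NF; i++) {
                if ($i == "-p")         proto  = tolower($(i + 1))
                if ($i == "--dport")    dport  = $(i + 1)
                if ($i == "-j")         target = $(i + 1)
                if ($i == "--to-ports") to     = $(i + 1)
            }
            if (dport == "514" && target == "REDIRECT" && to == "10514")
                seen[proto] = 1
        }
        END {
            if (!("udp" in seen)) print "udp"
            if (!("tcp" in seen)) print "tcp"
        }
    ' "$1"
}

# Constructed sample: a saved file in which only the UDP rule was persisted.
sample_rules() {
    cat <<'EOF'
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
-A PREROUTING -p udp -m udp --dport 514 -j REDIRECT --to-ports 10514
COMMIT
*filter
:INPUT ACCEPT [0:0]
-A INPUT -p tcp -m tcp --dport 10514 -j ACCEPT
COMMIT
EOF
}

# Demo on the constructed sample; on the appliance, pass /etc/sysconfig/iptables.
demo=$(mktemp) && sample_rules > "$demo"
echo "missing redirect rules: $(missing_redirects "$demo" | tr '\n' ' ')"
rm -f "$demo"
```

On a running system the loaded rules can be listed with iptables -t nat -L PREROUTING -n, because iptables -L without -t shows only the filter table and the redirect rules live in the nat table.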