To send logs from your firewall to Alert Logic®, we recommend forwarding the syslog data to an appliance or to a Remote Collector in your environment.
If you have an appliance in your environment:
- Forward the firewall syslog on port 514 to the private IP of the appliance.
- To make sure we are receiving logs, we can connect to the appliance and check for traffic coming from this source by doing a TCPDUMP.
If you do not have an appliance in your environment:
- Forward the logs of the firewall (over port 1514), since the Remote Collector listens on port 1514.
- Due to the nature of Remote Collectors, Alert Logic depends on the details (i.e. the name of the firewall or its IP address) to show up in the Alert Logic console. The Remote Collectors will appear in the Alert Logic console as a log source.