I've been ask to send the logs from a Nessus scanner remotely on a syslog server, But I can't find a way to bind it to syslog.
Is there a way to do it ?
Asked
Active
Viewed 2,056 times
1 Answers
1
You would need to use the imfile module of rsyslog and configure a rule for each Nessus log file.
Here's a suggestion on how to proceed:
Edit /etc/rsyslog.conf
Add the following line: $ModLoad imfile
Create the imfile rules by adding the below lines for each log file (I suggest including nessusd.messages, nessusd.dump and backend.log. By default, they are in /opt/nessus/var/nessus/logs):
# File 1
$InputFileName path_to_file
$InputFileTag tag:
$InputFileStateFile state_file_name
$InputRunFileMonitorRestart Rsyslog
There are more optional settings available but the aforementioned ones are required. Refer to the "Using Rsyslog Modules" RedHat guide for more info.
Note that you can also configure these rules in a separate file. Should you choose to do so, you'll need to add the $IncludeConfig directive in /etc/rsyslog.conf/. See the Rsyslog documentation.
.
yaningo
- 353
- 2
- 7