1 hour 18 minutes
Hello and welcome to our final configuration video.
Our goal for this video is to enable SIS lock forwarding on our Web server
let's go into our Web server
we'll be going toe, etc.
RCIs Aug dot d.
I will be editing the 50 dash default dot com file
going down to the very bottom. We can edit the little comment.
The first piece.
This town is just solid to grab all the logs regardless of file, name or file extension
next week, the point where he wants a slug to send the locks too.
In my case, I'll be sending them directly to the Oasis Time server
over port 514
which is usually reserved for CeCe Log
Why and enter To save the file,
we could do a quick tale to make sure if I was safe.
Once we've confirmed the file is safe, we have to restart the service.
It will ask you for your admin credentials.
The service has been restarted
to confirm this activity. We can go into our oasis. I am server
We will be using a program called TCP Dump.
DCP Dump allows us to monitor network interface in a certain port for traffic.
Our interface on our server is zero.
filed by the I p
of our Web server
hand port 514
You can see got zero.
This means that the O side server has not received any logs yet.
We can help this along.
To get some locks going. We could go into our colleague machine,
open up a terminal
and create some sshh failed bargain alerts.
Going back to our server,
we could see got 66
for a live example.
Go back our Web server.
Log on with the wrong password.
As you can see, the value increases
as the Web server creates the long and sends it over
They should also have great. It's mainly about alarms
going at the alarms. We can see some
sssh brute force activity sourcing from our Colin machine.
We could see all our failed passwords
going into the event. Specifically,
you could see the Web server is the origin of this log.
This concludes our video on how to forward locks over sis log to R osa Science server