Setting Up the Environment for Windows Server 2016

The Syslog Writer on a Windows box can currently write the CISP events only to a remote syslog server on Linux, so the setup involves two machines:

  • Machine #1 runs Windows with Docker and the Syslog Writer app.

  • Machine #2 runs Linux with a syslog server and is on the same network.

Setting up Docker on Windows Server (Machine #1)

The installation commands in this section are specific to Windows 10 Professional edition running Windows Server 2016 in a VMware virtual machine.

If you are using another supported platform, you need to modify the syntax for setting up the Docker Toolbox for your machine. These steps should give you the information you need to do that.

To set up Docker on a Windows server:

  1. To enable virtualization, power OFF your Windows Server VM.
  2. In the VM settings, under Devices > Processors, select Virtualize Intel VT-x/EPT or AMD-V/RVI as the Virtualization Engine.
  3. Power ON the Windows Server VM again.
  4. Install Docker Toolbox for Windows by following the instructions in this link:
  5. Open the Docker Quickstart Terminal; it creates a default Docker machine and provides a prompt for running Docker commands.
  6. Add a shared folder on the host machine by opening Oracle VirtualBox and clicking Settings > Shared Folders for the default Docker machine.
    1. In Shared Folders, make sure that c:\Users is listed.

Setting up Remote Syslog Server on Linux (Machine #2)

The steps in this section are specific for setting up rsyslog on CentOS 6.9.

Note:   If you have a different syslog server, you will need to modify the syntax accordingly.

To set up a remote syslog server on Linux:

  1. Allow TCP input in syslog server configuration:
    1. Open the rsyslog configuration file:

      sudo vi /etc/rsyslog.conf
    2. Uncomment these two lines in the conf file (if they are commented out):

      $ModLoad imtcp

      $InputTCPServerRun 514

    3. Restart the rsyslog server:

      sudo service rsyslog restart

  2. Allow the firewall to accept TCP input on port 514:
    1. Open the iptables config file:

      sudo vi /etc/sysconfig/iptables

    2. Add this line before the COMMIT line, if it is not present already:

      -I INPUT -p tcp --dport 514 -j ACCEPT

    3. Restart iptables:

      sudo service iptables restart

  3. Monitor syslog:

    Before starting Syslog Writer, it is helpful to keep another terminal window open to watch the syslog file:

Note:   The path for Ubuntu is /var/log/syslog
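A quick way to confirm the rsyslog TCP input and the port-514 firewall rule before starting Syslog Writer is to push one framed test message at the server and watch it land. The following Python example is added here and is not part of this guide or of Syslog Writer: it builds an RFC 3164-style line, sends it over TCP, and, as a stand-in for the Linux box, captures it on a loopback listener so the check also runs offline. Against the real server you would call send_tcp_syslog with the Linux machine's address and port 514; the hostname, tag and event text are constructed values.

```python
import socket
import threading

def build_syslog_message(facility, severity, hostname, tag, msg):
    """Build a newline-framed RFC 3164-style line, the framing rsyslog's imtcp reads by default."""
    pri = facility * 8 + severity  # PRI = facility * 8 + severity, e.g. user.info -> 14
    # Fixed, constructed timestamp so the self-test output is deterministic.
    return f"<{pri}>Jan  1 00:00:00 {hostname} {tag}: {msg}\n".encode()

def send_tcp_syslog(host, port, payload, timeout=3.0):
    """Open a TCP connection (as Syslog Writer would to port 514) and send one framed message."""
    with socket.create_connection((host, port), timeout=timeout) as conn:
        conn.sendall(payload)

def parse_pri(line):
    """Return (facility, severity, rest) for a received line, or None if the PRI header is malformed."""
    end = line.find(">")
    if not line.startswith("<") or not 2 <= end <= 4 or not line[1:end].isdigit():
        return None
    pri = int(line[1:end])  # 23 * 8 + 7 = 191 is the largest legal PRI
    return (pri // 8, pri % 8, line[end + 1:].rstrip("\n")) if pri <= 191 else None

def start_capture_listener():
    """Stand-in for the Linux rsyslog box: accept one TCP connection on a free loopback port."""
    srv = socket.socket()
    srv.bind(("127.0.0.1", 0))
    srv.listen(1)
    received = []
    def run():
        conn, _ = srv.accept()
        with conn:
            data = b""
            while True:
                chunk = conn.recv(4096)
                if not chunk:
                    break
                data += chunk
        received.append(data.decode())
        srv.close()
    worker = threading.Thread(target=run, daemon=True)
    worker.start()
    return srv.getsockname()[1], worker, received

def self_test():
    # Send one constructed CISP-style event to the local stand-in and parse what arrived.
    port, worker, received = start_capture_listener()
    payload = build_syslog_message(1, 6, "winbox", "SyslogWriter", "CISP test event")
    send_tcp_syslog("127.0.0.1", port, payload)
    worker.join(5)
    return parse_pri(received[0]) if received else None
```

Sent to the real CentOS server, the same message should appear in /var/log/messages (the Ubuntu equivalent is the /var/log/syslog path the note above mentions); if the connection times out instead, recheck the imtcp lines and the iptables rule.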