On 10/6/24 7:28 PM, João Carlos Garcia via rsyslog wrote:
Hi everyone .. No firewall installed
root@usyslog:~# ufw status
Status: inactive
root@usyslog:~# iptables -L
Chain INPUT (policy ACCEPT)
target prot opt source destination
Chain FORWARD (policy ACCEPT)
target prot opt source destination
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
root@usyslog:~# sestatus
Command 'sestatus' not found, but can be installed with:
apt install policycoreutils
root@usyslog:~# setenforce 0
Command 'setenforce' not found, but can be installed with:
apt install selinux-utils
Any other clue?
Tks
João Garcia
-----Original Message-----
From: rsyslog <rsyslog-boun...@lists.adiscon.com> On Behalf Of Mauricio Tavares
via rsyslog
Sent: Saturday, October 5, 2024 1:47 PM
To: rsyslog-users <rsyslog@lists.adiscon.com>
Cc: Mauricio Tavares <raubvo...@gmail.com>
Subject: Re: [rsyslog] rsyslog + MariaDB + Fortigate
On Sat, Oct 5, 2024 at 8:47 AM João Carlos Garcia via rsyslog
<rsyslog@lists.adiscon.com> wrote:
Brendan,
Thanks for your help, I see the packets now have length > 0, but the data is
not written to the database.
Is this correct?
$AllowedSender TCP, 172.16.0.12/24
if $fromhost-ip == '172.16.0.12' then {
    action(type="ommysql" server="localhost" db="fortigate_logs"
           uid="root" pwd="password")
}
Thanks,
João Carlos Garcia
Do you have a firewall running in this host?
_______________________________________________
rsyslog mailing list
https://lists.adiscon.net/mailman/listinfo/rsyslog
http://www.rsyslog.com/professional-services/
What's up with rsyslog? Follow https://twitter.com/rgerhards NOTE WELL: This is
a PUBLIC mailing list, posts are ARCHIVED by a myriad of sites beyond our
control. PLEASE UNSUBSCRIBE and DO NOT POST if you DON'T LIKE THAT.
i would check your DB rights/permissions. it's bad practice to use root
as an identity for DB access. try to access the DB using the creds you
provide to the rsyslog daemon and validate that there are no issues. i
create a specific user for rsyslog to access the log DB that i have, and
don't use system IDs like root. you might need to create a user and
provide that user the necessary permissions to the appropriate DB.
check out this article...
https://mariadb.com/kb/en/mariadb-authorization-and-permissions-for-sql-server-users/
HTH,
brendan
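
The dedicated-account setup described in the reply above, as an added example that is not part of the original thread or of the rsyslog project. The account name `rsyslog_writer` and its password are placeholders, and it assumes the `fortigate_logs` database contains the `SystemEvents` table that ommysql's default template inserts into.

```sql
-- Added example, not from the thread.
-- Part 1: run as a MariaDB administrator.
-- Assumptions: 'rsyslog_writer' and the password are placeholders; the
-- fortigate_logs database holds the SystemEvents table used by ommysql's
-- default template.

CREATE USER IF NOT EXISTS 'rsyslog_writer'@'localhost'
    IDENTIFIED BY 'CHANGE_ME_placeholder';

-- rsyslog only appends rows, so INSERT on this one table is sufficient.
-- No SELECT, UPDATE, DELETE or DDL rights are granted.
GRANT INSERT ON fortigate_logs.SystemEvents TO 'rsyslog_writer'@'localhost';

-- Confirm exactly what the account is allowed to do.
SHOW GRANTS FOR 'rsyslog_writer'@'localhost';

-- Part 2: reconnect as the new account, for example
--   mariadb -u rsyslog_writer -p fortigate_logs
-- and issue the same kind of statement rsyslog would send.
-- The row below is constructed test data.
INSERT INTO SystemEvents (Message, Facility, FromHost, Priority,
                          DeviceReportedTime, ReceivedAt,
                          InfoUnitID, SysLogTag)
VALUES ('permission test (constructed row)', 1, 'usyslog', 5,
        NOW(), NOW(), 1, 'test:');

-- This should be rejected for rsyslog_writer with ERROR 1142
-- (SELECT command denied), showing the account cannot read stored logs.
SELECT COUNT(*) FROM SystemEvents;
```

If the test insert succeeds, the same account name and password would replace `uid="root"` and `pwd="password"` in the ommysql action.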