Overview
Remote syslog lets the GajShield firewall send its log messages to an external server rather than relying only on local storage. This is useful for retaining logs beyond the appliance's onboard capacity, for feeding firewall events into a centralized SIEM or log analytics platform, and for meeting compliance requirements that call for logs to be stored separately from the device that generates them. Once configured, the firewall streams its logs to the destination you specify in real time.
When to use remote syslog
Forwarding to a remote syslog server makes sense in several situations. If you run a SIEM or central log management system, remote syslog is how you get firewall events into it for correlation with logs from other devices. If you need to retain logs for longer than the appliance can hold locally, an external server provides the capacity. And where compliance frameworks require an independent, tamper-resistant copy of logs, storing them off the firewall itself helps satisfy that requirement.
How to configure remote syslog
Navigate to Management > Syslog > Remote Log Options in the GajOS web interface.
Enable remote logging and enter the IP address or hostname of your syslog server, along with the port it listens on. Save the configuration to begin forwarding logs to that destination.
Things to keep in mind
For logs to reach the server reliably, the firewall must have network connectivity to the syslog destination, and any intermediate firewall rules must permit the syslog traffic. Confirm that your syslog server is listening on the protocol and port you've configured on the GajShield side, since a mismatch is the most common reason logs don't arrive. After setting it up, generate some activity and verify that entries are actually appearing on the remote server before relying on the configuration.
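One way to carry out the verification step above is a short listener run on the syslog server host, shown here as an added example that is not GajShield's own tooling. It assumes the firewall is set to send over UDP and that messages begin with the standard syslog <PRI> header; the address 192.0.2.1 and port 514 are placeholders to replace with your own values.

```python
import re
import socket

SEVERITIES = ["emerg", "alert", "crit", "err", "warning", "notice", "info", "debug"]
PRI_RE = re.compile(rb"<(\d{1,3})>")  # standard syslog priority header

def parse_pri(datagram):
    """Return (facility, severity, body), or None if no valid <PRI> header."""
    m = PRI_RE.match(datagram)
    if not m or int(m.group(1)) > 191:  # highest valid PRI is 23*8 + 7
        return None
    pri = int(m.group(1))
    body = datagram[m.end():].decode("utf-8", errors="replace").rstrip()
    return pri >> 3, SEVERITIES[pri & 7], body

def collect(sock, expected_source=None, timeout=30.0, max_msgs=5):
    """Read up to max_msgs datagrams from a bound UDP socket, stopping at timeout."""
    sock.settimeout(timeout)
    seen = []
    try:
        while len(seen) < max_msgs:
            data, (src, _port) = sock.recvfrom(8192)
            seen.append({
                "source": src,
                # UDP source addresses can be spoofed; this is a sanity check only.
                "from_expected": expected_source in (None, src),
                "parsed": parse_pri(data),
            })
    except socket.timeout:
        pass  # nothing (more) arrived: check routing, rules, protocol and port
    return seen

if __name__ == "__main__":
    FIREWALL_IP = "192.0.2.1"  # placeholder: the firewall's address as seen by this host
    PORT = 514                 # assumption: must match the port set on the firewall
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.bind(("0.0.0.0", PORT))  # ports below 1024 need elevated privileges
        results = collect(s, expected_source=FIREWALL_IP)
    if not results:
        print("No syslog datagrams received before the timeout.")
    for r in results:
        flag = "" if r["from_expected"] else " (unexpected source)"
        print(f'{r["source"]}{flag}: {r["parsed"]}')
```

Stop any syslog daemon already bound to the port before running this, and start it again afterwards. An empty result points to connectivity, an intermediate rule, or a protocol or port mismatch; a result with parsed set to None means datagrams are arriving but are not in standard syslog form.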