Does anyone know how to send virtual hub security logs to a remote syslog server while keeping a local copy?
Actually I need a local copy to use with fail2ban in order to block users after 5 authentication failures but I also need to send them to a centralized server.
The problem is that if I set up my VPN server with the Syslog Send Function, all logs are transferred to my syslog without writing anything in /usr/local/vpnserver/security_log/HUBname/sec.log.
Does anyone know how to do this?
Logs to syslog server and local copy
-
- Posts: 184
- Joined: Sun Jul 19, 2015 4:23 pm
Re: Logs to syslog server and local copy
Does your syslog server not have a 'client' available to forward your log files?
-
- Posts: 3
- Joined: Mon Nov 05, 2018 2:37 pm
Re: Logs to syslog server and local copy
My syslog server is configured to receive messages from my vpn server and it works perfectly.
But I also need to write logs in the local disk (/usr/local/vpnserver/security_log/HUBname/sec.log) because it's used by Fail2ban.
This option is not available in the Server Manager.
To summarize, I need to transfer the Hub security logs to my syslog while keeping a copy in /usr/local/vpnserver/security_log/HUBname/sec.log
-
- Posts: 184
- Joined: Sun Jul 19, 2015 4:23 pm
Re: Logs to syslog server and local copy
That doesn't really answer the question I asked so I'll assume it's a 'no'. I use Splunk as a syslog server and it has a client (as does elasticsearch) that will forward them to the server for future consumption and leave the original log file on the SoftEtherVPN server (i.e. the syslog client). Unfortunately I can't give you a definitive answer to your question but it might get you a response if you raised this on GitHub as an enhancement request.
-
- Posts: 3
- Joined: Mon Nov 05, 2018 2:37 pm
Re: Logs to syslog server and local copy
We use Elasticsearch and you're right, there is no agent installed on the server.
fenice wrote: Mon Nov 05, 2018 3:25 pm
> That doesn't really answer the question I asked so I'll assume it's a 'no'. I use Splunk as a syslog server and it has a client (as does elasticsearch) that will forward them to the server for future consumption and leave the original log file on the SoftEtherVPN server (i.e. the syslog client). Unfortunately I can't give you a definitive answer to your question but it might get you a response if you raised this on GitHub as an enhancement request.
I thought I could do this by modifying the vpn server main configuration and rsyslog.
But I think that your solution of using an agent on the server would be the best.
-
- Posts: 184
- Joined: Sun Jul 19, 2015 4:23 pm
Re: Logs to syslog server and local copy
That's good news as I tend to prefer a client but I can see that someone might prefer to have the local log & remote syslog as an option. Anyway, it's good you have a solution. :)
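The approach the thread settles on (SoftEther keeps writing its local security log for Fail2ban, and an agent on the VPN server forwards a copy), sketched with rsyslog's imfile module as an added example that is not from any poster or from the SoftEther project. It assumes rsyslog v8 on the VPN server, that the hub's Syslog Send Function is left off so the local file is written, and a placeholder collector name logs.example.internal; the tag, facility, ruleset name and drop-in file name are arbitrary choices.

```conf
# /etc/rsyslog.d/30-softether-sec.conf  (hypothetical drop-in file name)
# Assumption: Syslog Send Function is disabled on the hub, so SoftEther
# writes the security log locally and Fail2ban keeps reading it untouched.

# imfile tails plain text files and turns each new line into a syslog message.
module(load="imfile")

# Path as given in the thread. imfile only reads the file, so the local copy
# stays in place. File= also accepts wildcards if the hub rotates its log
# into several file names.
input(type="imfile"
      File="/usr/local/vpnserver/security_log/HUBname/sec.log"
      Tag="softether-sec:"          # arbitrary tag, used to filter on the collector
      Facility="local6"             # arbitrary facility
      Severity="info"
      ruleset="fwd_softether")      # bind to a dedicated ruleset (defined below)

# Messages bound to their own ruleset skip the default rules, so the VPN
# lines are not duplicated into the host's /var/log files.
ruleset(name="fwd_softether") {
    action(type="omfwd"
           target="logs.example.internal"   # placeholder collector host
           port="514"
           protocol="tcp"
           # Disk-assisted queue: buffer while the collector is unreachable
           # instead of dropping authentication-failure records.
           queue.type="LinkedList"
           queue.filename="fwd_softether"
           queue.maxDiskSpace="256m"
           queue.saveOnShutdown="on"
           action.resumeRetryCount="-1")    # retry indefinitely
}
```

Running `rsyslogd -N1` checks the configuration syntax before rsyslog is restarted.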