You can redirect traffic arriving on a standard port to another port by using the host firewall that sits between the event sources (or an agent) and the CA Enterprise Log Manager syslog listener.
Security best practice is to run application processes and daemons with the least privilege they require. On UNIX and Linux, a daemon running under a non-root account cannot bind ports below 1024 (the privileged ports; on Linux the CAP_NET_BIND_SERVICE capability is the only exception). The standard syslog port is UDP 514, so a non-root listener cannot receive syslog on it directly. This is a problem for event sources such as routers and switches that cannot be configured to send to a non-standard port.
To resolve this problem, configure the firewall to accept incoming traffic on port 514 and rewrite its destination to the port on which the CA Enterprise Log Manager listener is actually bound. The redirection occurs on the same host as the syslog listener, so the event sources need no change. If you instead choose a non-standard listening port without redirection, you must reconfigure every event source to send its events on that port.
To redirect event traffic through a firewall
On a Red Hat Linux system using the netfilter/iptables packet filtering tool, the command-line entries resemble the following. The first line starts the iptables service automatically in runlevels 3, 4, and 5; the second adds a NAT rule that rewrites the destination port of incoming UDP datagrams addressed to port 514 to your new port; the third saves the running rules to /etc/sysconfig/iptables so they survive a reboot:
chkconfig --level 345 iptables on
iptables -t nat -A PREROUTING -p udp --dport 514 -j REDIRECT --to-ports <yournewport>
service iptables save
Substitute the port on which the CA Enterprise Log Manager syslog listener is configured for <yournewport>. The new port must itself be 1024 or higher, or the non-root listener still cannot bind it. (The abbreviated option --to is accepted by iptables as the same option as --to-ports.) Note that the PREROUTING chain processes only packets that arrive from the network; events generated on the same host are not affected by this rule.
For other implementations, refer to the instructions for handling ports provided by your firewall vendor.
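As an added example, not part of the CA documentation, the following shell script wraps the iptables procedure above so that it validates the replacement port, can be re-run without stacking duplicate rules, and shows the resulting chain. It assumes a Red Hat system with SysV init and netfilter/iptables, and uses a hypothetical listener port of 10514 as its default. It also adds a rule in the nat OUTPUT chain, which the procedure above does not include, so that a test datagram sent from the server itself is redirected as well (PREROUTING never sees locally generated packets).

```sh
#!/bin/sh
# Added example, not from the CA Enterprise Log Manager documentation.
# Redirects inbound UDP 514 (syslog) to the unprivileged port on which the
# non-root CA Enterprise Log Manager listener is bound, using netfilter/iptables
# on a Red Hat system with SysV init.
# Run as root:  ./redirect514.sh --apply 10514
# 10514 is a hypothetical default; substitute your configured listener port.

SYSLOG_PORT=514
DEFAULT_NEWPORT=10514   # assumption; the documentation names no specific port

# The replacement port must itself be unprivileged (1024-65535); otherwise the
# non-root daemon still cannot bind it and the redirect solves nothing.
valid_unprivileged_port() {
    case "$1" in
        ''|*[!0-9]*) return 1 ;;
    esac
    [ "$1" -ge 1024 ] && [ "$1" -le 65535 ]
}

# Build the iptables arguments for one nat chain.
#   PREROUTING: packets arriving from the network (routers, switches, agents).
#   OUTPUT:     packets generated on this host, e.g. a local test message. The
#               "-o lo" match limits the rule to traffic addressed to this host,
#               so syslog that this host forwards to other servers is untouched.
redirect_rule() {
    chain="$1"
    newport="$2"
    iface=""
    if [ "$chain" = "OUTPUT" ]; then
        iface="-o lo "
    fi
    printf '%s' "-t nat -A $chain ${iface}-p udp --dport $SYSLOG_PORT -j REDIRECT --to-ports $newport"
}

# Append the rule to a chain unless an equivalent rule is already loaded, so
# the script can be re-run safely. "iptables -L -n" renders a REDIRECT rule as
# "udp dpt:514 redir ports 10514", which is what the grep looks for.
ensure_redirect() {
    chain="$1"
    newport="$2"
    if iptables -t nat -L "$chain" -n | grep -q "dpt:$SYSLOG_PORT redir ports $newport"; then
        echo "$chain: redirect $SYSLOG_PORT -> $newport already present"
    else
        # Word splitting of the rule string into separate arguments is intentional.
        iptables $(redirect_rule "$chain" "$newport")
        echo "$chain: added redirect $SYSLOG_PORT -> $newport"
    fi
}

apply_redirect() {
    newport="$1"
    if ! valid_unprivileged_port "$newport"; then
        echo "refusing to redirect to port '$newport': must be 1024-65535" >&2
        return 1
    fi
    chkconfig --level 345 iptables on        # start iptables in runlevels 3, 4, 5
    ensure_redirect PREROUTING "$newport"
    ensure_redirect OUTPUT "$newport"
    service iptables save                    # persist to /etc/sysconfig/iptables
    iptables -t nat -L PREROUTING -n --line-numbers
}

if [ "${1:-}" = "--apply" ]; then
    apply_redirect "${2:-$DEFAULT_NEWPORT}" || exit 1
fi
```

After applying, send a test syslog message to UDP 514 on the server from an event source and confirm that the listener receives it. Because REDIRECT rewrites the destination address to the address of the interface the packet arrived on (127.0.0.1 for locally generated packets), the listener must be bound to that address or to all interfaces, not only to the loopback address.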
Copyright © 2011 CA. All rights reserved.