Or am I doing something wrong? If so, I can't figure out what. I have the DSL router feeding a dedicated ClearOS firewall which in turn feeds my LAN. Both networks have Private IP addresses, not a situation that has ever caused any sort of problem in many years or in the many similar sites I have set up. This is the second time I've installed Kiwi Syslog, but the other time was a decade ago and if memory serves both server and monitored device(s) were on the same side of the firewall in that scenario. Now I have the Syslog set up "inside" the firewall and I'm trying to monitor the DSL router which is of course "outside".
1. The router is set up with
- logging enabled
- logging level "debug"
- log mode "both" (i.e. local + remote)
- Server IP address: the firewall's outside address. (I have also tried this with the syslog server's address, on the other side of the firewall, assuming the f/w would know how to route it. Made no difference)
- Server UDP port: 514
2. The firewall is set up with
- firewall: allowed incoming connection: UDP port 514
- NAT port forwarding: UDP ports from 514 to 514 ip address = Syslog server
3. The Kiwi installation is set up (on a Win 8.1 pro 64 PC)
- Receive messages from: I put in the firewall inside address (as far as I am concerned, the only one I should need to set up) as well as the DSL router (its inside address, i.e. facing the firewall) AND the firewall outside address
- [check] Listen for UDP Syslog messages - port 514
4. The PC itself:
- Avast Internet Security firewall: enabled allow Syslog UDP(protocol 17) in/out local port 514
- Windows firewall (don't ask why Avast didn't turn this off) also allowing ALL UDP incoming from ALL IP addresses, edge traversal Allowed
...and nothing ever shows up in Syslog. Nothing. Ever.
Any suggestions at this stage, however mundane or obvious, will be worth looking into... Tks
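
One way to test the path described in the post hop by hop, as an added example that is not part of the original post: a small Python UDP syslog probe and listener that reports the source address each datagram arrives from, which is the address a "Receive messages from" filter would have to match. The function names, the `probe`/`pathtest` labels and the local0.debug priority are assumptions made for the illustration.

```python
import re
import socket
import time

def build_syslog(msg, facility=16, severity=7, host="probe", tag="pathtest"):
    """Build an RFC 3164-style datagram; PRI = facility * 8 + severity."""
    now = time.localtime()
    stamp = f"{time.strftime('%b', now)} {now.tm_mday:2d} {time.strftime('%H:%M:%S', now)}"
    return f"<{facility * 8 + severity}>{stamp} {host} {tag}: {msg}".encode("ascii", "replace")

def parse_pri(datagram):
    """Split a datagram into (facility, severity, text); None if no valid PRI."""
    m = re.match(rb"<(\d{1,3})>(.*)", datagram, re.S)
    if not m or int(m.group(1)) > 191:
        return None
    pri = int(m.group(1))
    return pri // 8, pri % 8, m.group(2).decode("ascii", "replace")

def open_listener(bind_ip="0.0.0.0", port=514):
    sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    sock.bind((bind_ip, port))
    return sock

def receive_one(sock, timeout=5.0):
    """Return (source_ip, facility, severity, text), or None on timeout."""
    sock.settimeout(timeout)
    try:
        data, (src_ip, _port) = sock.recvfrom(4096)
    except socket.timeout:
        return None
    parsed = parse_pri(data)
    return (src_ip,) + parsed if parsed else (src_ip, None, None, repr(data))

def send_probe(dest_ip, port=514, msg="syslog path test"):
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.sendto(build_syslog(msg), (dest_ip, port))

def loopback_selftest():
    """Prove the listener works on this host before testing across the firewall."""
    with open_listener("127.0.0.1", 0) as sock:   # port 0 = any free port
        send_probe("127.0.0.1", sock.getsockname()[1], "selftest")
        return receive_one(sock, timeout=2.0)

if __name__ == "__main__":
    print("loopback:", loopback_selftest())
    # Next, with the syslog server stopped so UDP 514 is free, listen on the
    # server PC and run send_probe(<firewall outside address>) from a host on
    # the outside network; the printed source IP is what the server would see.
    with open_listener() as sock:
        print("received:", receive_one(sock, timeout=60.0))
```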