
Syslog Forwarder

1. Introduction

Since Cisco FMC (Firewall Management Center) and Cisco ISE (Identity Services Engine) cannot send threat events or failed-authentication events directly to an HTTP destination, a Syslog service is required to bridge the gap between these systems and our centralized log collector. This Syslog container acts as that intermediary: it receives logs from Cisco ISE and Cisco Firepower and forwards them to NxtFireGuard.

2. What You'll Need

1. Virtual Machine with the following specs:

- 2 CPU Cores

- 4 GB RAM

- 20 GB Hard Disk

- 1x Network Interface

2. A valid NxtFireGuard License Key

3. Install the Latest Ubuntu or Debian Server OS 🐧

4. Update Package Sources and Upgrade Packages 🔄

sudo apt-get update -y && sudo apt-get upgrade -y

5. Install Docker 🐳

5.1 For Debian 11 & 12

Remove Conflicting Packages ❌

for pkg in docker.io docker-doc docker-compose podman-docker containerd runc; do sudo apt-get remove $pkg; done

Add Docker’s GPG Key 🔑

sudo apt-get update
sudo apt-get install ca-certificates curl
sudo install -m 0755 -d /etc/apt/keyrings
sudo curl -fsSL https://download.docker.com/linux/debian/gpg -o /etc/apt/keyrings/docker.asc
sudo chmod a+r /etc/apt/keyrings/docker.asc

Add Docker Repository to Apt Sources 📦

echo \
"deb [arch=$(dpkg --print-architecture) signed-by=/etc/apt/keyrings/docker.asc] https://download.docker.com/linux/debian \
$(. /etc/os-release && echo "$VERSION_CODENAME") stable" | \
sudo tee /etc/apt/sources.list.d/docker.list > /dev/null
sudo apt-get update

Install Docker Packages 📥

sudo apt-get install docker-ce docker-ce-cli containerd.io docker-buildx-plugin docker-compose-plugin

Verify Installation ✅

sudo docker run hello-world

5.2 For Ubuntu 24.04, 22.04 & 20.04

Remove Conflicting Packages ❌

for pkg in docker.io docker-doc docker-compose docker-compose-v2 podman-docker containerd runc; do sudo apt-get remove $pkg; done

Add Docker’s GPG Key 🔑

sudo apt-get update
sudo apt-get install ca-certificates curl
sudo install -m 0755 -d /etc/apt/keyrings
sudo curl -fsSL https://download.docker.com/linux/ubuntu/gpg -o /etc/apt/keyrings/docker.asc
sudo chmod a+r /etc/apt/keyrings/docker.asc

Add Docker Repository to Apt Sources 📦

echo \
"deb [arch=$(dpkg --print-architecture) signed-by=/etc/apt/keyrings/docker.asc] https://download.docker.com/linux/ubuntu \
$(. /etc/os-release && echo "$VERSION_CODENAME") stable" | \
sudo tee /etc/apt/sources.list.d/docker.list > /dev/null
sudo apt-get update

Install Docker Packages 📥

sudo apt-get install docker-ce docker-ce-cli containerd.io docker-buildx-plugin docker-compose-plugin

Verify Installation ✅

sudo docker run hello-world

6. Install Git 🛠️

sudo apt-get install git -y

7. Create User & Add to Docker Group 👤

7.1 Create a User

Replace <username> with the desired username.

sudo adduser <username>

7.2 Add New User to Docker Group

sudo usermod -aG docker <username>

8. Clone Repository & Start Container 📦

8.1 Switch to New User

su <username>
cd

8.2 Clone GitHub "NxtFireGuard-Syslog-forwarder" Repository

git clone https://github.com/NxtGenIT/NxtFireGuard-Syslog-forwarder.git && cd NxtFireGuard-Syslog-forwarder

8.3 Set your License Key

Replace YOUR_ACTUAL_LICENSE_KEY with your purchased license key. The command writes the key in clear text into syslog/syslog-ng.conf, so keep that file's permissions restricted and do not commit it anywhere.

sed -i 's/<your-license-key>/YOUR_ACTUAL_LICENSE_KEY/g' syslog/syslog-ng.conf

8.4 Start Docker Container

docker compose up -d
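A post-setup check, added here and not part of the forwarder repository: it confirms that the sed step in 8.3 actually replaced the placeholder (and that the literal YOUR_ACTUAL_LICENSE_KEY stand-in was not left in the file by running the command verbatim), and that the config file holding the key is not readable by other users. The file path and placeholder strings come from the steps above; the sample config lines and the 0600 permission expectation are assumptions.

```shell
#!/bin/sh
# Added check for the NxtFireGuard syslog forwarder setup (not repository code).
# Path and placeholder strings are taken from the setup steps; the expectation
# that the file is mode x00 (owner-only) is an assumption made here.

# Usage: check_license_config [path-to-syslog-ng.conf]
# Returns 0 when the key has been set and the file is owner-only readable,
# 1 otherwise, printing each problem found to stderr.
check_license_config() {
    conf="${1:-syslog/syslog-ng.conf}"
    status=0

    if [ ! -f "$conf" ]; then
        echo "missing config file: $conf" >&2
        return 1
    fi

    # Step 8.3 replaces this token in place; if it survives, the forwarder
    # would start with no license key at all.
    if grep -qF '<your-license-key>' "$conf"; then
        echo "placeholder '<your-license-key>' still present in $conf" >&2
        status=1
    fi

    # The documented sed command uses this stand-in; finding it means the
    # command was copied without substituting the real key.
    if grep -qF 'YOUR_ACTUAL_LICENSE_KEY' "$conf"; then
        echo "stand-in 'YOUR_ACTUAL_LICENSE_KEY' found in $conf" >&2
        status=1
    fi

    # The key is stored in clear text, so group/world read bits are a leak.
    # GNU stat first, BSD stat as fallback; both print e.g. "600".
    mode=$(stat -c '%a' "$conf" 2>/dev/null || stat -f '%Lp' "$conf" 2>/dev/null)
    case "$mode" in
        *00) ;;
        *) echo "$conf is mode $mode; expected owner-only (e.g. chmod 600)" >&2
           status=1 ;;
    esac

    return "$status"
}

# Run directly with a path to check; when sourced, only defines the function.
if [ "$#" -gt 0 ]; then
    check_license_config "$1"
fi
```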

Finished! 🎉