AXGATE Firewall Integration
Overview
This integration collects firewall traffic, VPN, IPS, and admin activity logs from AXGATE firewall appliances. AXGATE is a cost-effective Korean firewall vendor with CC certification.
Supported models: AXGATE 50/80/100/200 series
Prerequisites
- A KYRA MDR Collector installed and running (Installation Guide)
- AXGATE administrative access
- Network connectivity from the firewall to the collector on UDP port 514
Configuration
Syslog Setup
- Log in to the AXGATE management console
- Navigate to 시스템 관리 > 로그 > 외부 로그 서버 (System Management > Log > External Log Server)
- Add the KYRA Collector as a syslog destination:
| Setting | Value |
|---|---|
| Server IP | Your KYRA Collector IP |
| Port | 514 |
| Protocol | UDP |
- Select the log types to forward
- Apply and save the configuration
Sample Log Format
AXGATE uses a proprietary key-value format:
date=2026-03-20 time=10:30:00 device=AXGATE-100 type=firewall action=deny src=10.0.0.5 dst=203.0.113.1 dport=443 proto=tcp
Note: KYRA MDR includes a custom parser for AXGATE log format.
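The key-value layout shown above can be parsed and validated along these lines. This is an added example, not KYRA MDR's parser or AXGATE code: the field names come from the sample line, while the function names, the required-key list, and the rule that values contain no whitespace are assumptions.

```python
import ipaddress
from datetime import datetime

# The sample line from this page. Keys beyond these are kept as plain strings.
SAMPLE = ("date=2026-03-20 time=10:30:00 device=AXGATE-100 type=firewall "
          "action=deny src=10.0.0.5 dst=203.0.113.1 dport=443 proto=tcp")

# Assumption: every event carries these keys, as the sample does.
REQUIRED = ("date", "time", "device", "type", "action")


def parse_axgate(line):
    """Return a normalized event dict; raise ValueError if the line is malformed."""
    fields = {}
    # Assumption: values contain no whitespace or quoting, as in the sample.
    for token in line.split():
        key, sep, value = token.partition("=")
        if not sep or not key:
            raise ValueError(f"token is not key=value: {token!r}")
        if key in fields:
            # A repeated key is ambiguous; reject instead of letting one value win.
            raise ValueError(f"duplicate key: {key!r}")
        fields[key] = value
    missing = [k for k in REQUIRED if k not in fields]
    if missing:
        raise ValueError(f"missing fields: {missing}")
    event = dict(fields)
    # strptime raises ValueError on malformed or out-of-range dates and times.
    event["timestamp"] = datetime.strptime(
        f"{fields['date']} {fields['time']}", "%Y-%m-%d %H:%M:%S")
    for key in ("src", "dst"):
        if key in fields:
            event[key] = ipaddress.ip_address(fields[key])  # ValueError if invalid
    if "dport" in fields:
        port = int(fields["dport"])
        if not 0 <= port <= 65535:
            raise ValueError(f"dport out of range: {port}")
        event["dport"] = port
    return event


def parse_stream(lines):
    """Split input into (events, rejected) so unparsed lines are counted, not lost."""
    events, rejected = [], []
    for line in lines:
        try:
            events.append(parse_axgate(line))
        except ValueError as exc:
            rejected.append((line, str(exc)))
    return events, rejected
```

Keeping the rejected lines with their reason gives a concrete sample to attach when reporting unparsed entries.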
Collected Log Types
| Log Type | Security Use | Priority |
|---|---|---|
| Firewall traffic | Network flow visibility, policy violation detection | High |
| VPN (IPSec/SSL) | Remote access monitoring and anomaly detection | High |
| IPS events | Intrusion detection (UTM models) | High |
| NAT logs | Address translation tracking | Medium |
| Admin activity | Configuration change auditing | High |
| Web Filter | Web access policy enforcement (UTM models) | Medium |
Troubleshooting
No Logs Received
- Verify the syslog server IP and port are correct in AXGATE settings
- Ensure no ACLs block UDP port 514 between the AXGATE and the collector
- Check that log forwarding is enabled and applied
Log Parsing Issues
- AXGATE uses a proprietary format; ensure the KYRA Collector is running the latest parser version
- Contact kyra@seekerslab.com if you see unparsed log entries