LME icon indicating copy to clipboard operation
LME copied to clipboard
verified publisher icon cisagov

Documentation: Syslog Forwarding

Open NVivero opened this issue 9 months ago • 1 comments

Overview: This task involves developing and publishing user-facing documentation for configuring Syslog forwarding in LME. The doc should guide users on how to forward logs from external network devices (e.g., routers, firewalls) using Syslog. This feature enables broader visibility into network activity and supports additional detection use cases.

Scope of Work:

  • Describe the purpose and benefits of enabling Syslog forwarding in LME.
  • Provide instructions for configuring Syslog inputs in the Elastic stack used by LME.
  • Include examples for forwarding logs from common network devices (e.g., using rsyslog or syslog-ng).
  • Clarify how logs are ingested, parsed, and displayed in Kibana dashboards.
  • Highlight any known limitations or additional considerations (e.g., timestamp issues, device-specific formatting).
  • Ensure documentation aligns with the existing style and structure of the LME repository.

NVivero avatar Apr 08 '25 13:04 NVivero

Related to https://github.com/cisagov/LME/discussions/553#discussioncomment-12751373

NVivero avatar Apr 08 '25 15:04 NVivero