SA-syslog_collection

add syslog forwarding to 3rd party example

Open hire-vladimir opened this issue 9 years ago • 3 comments

  • rsyslog

```
# udp
*.* @10.1.1.1:514
# tcp
*.* @@10.1.1.1:514
# udp with compression
*.* @(z9)10.1.1.1:514
```

  • syslog-ng

```
destination d_loghost {udp("10.1.1.1" port(514) spoof_source(yes)); };
```

  • also add example of HWF/idx sending syslog to 3rd party

hire-vladimir, Dec 09 '15 04:12

also need:

```
log { source(s_remote); destination(d_loghost); flags(catchall); };
```

^ position of this statement matters or you will not send all events (ex: putting it last in the rules means nothing gets sent)

anthonygtellez, Dec 09 '15 04:12
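A syslog-ng configuration that puts the pieces from the comments above together, as an added example that is not part of the original thread or the project's own files. `s_remote` and `d_loghost` come from the thread; the `@version` line, the listener settings, `d_local` and its file path are assumptions, as is the reading that ordering matters because an earlier log path with `flags(final)` stops later paths from seeing the message.

```conf
# Added example, not from the SA-syslog_collection repository.
# Assumed version line; set it to match the installed syslog-ng release.
@version: 3.5

# Listener for incoming syslog (assumed bind address and port).
source s_remote {
    udp(ip(0.0.0.0) port(514));
};

# Third-party receiver, as given in the issue.
# spoof_source(yes) keeps the original sender's IP on the forwarded packet.
# It only works over UDP and requires a syslog-ng build with spoof-source
# support enabled.
destination d_loghost {
    udp("10.1.1.1" port(514) spoof_source(yes));
};

# Local per-host files (hypothetical path, for illustration only).
destination d_local {
    file("/var/log/remote/${HOST}.log" create_dirs(yes));
};

# 1) Forwarding path FIRST. flags(catchall) makes this path take messages
#    from every defined source, so nothing is missed by the forwarder.
log {
    source(s_remote);
    destination(d_loghost);
    flags(catchall);
};

# 2) Local handling AFTER the forwarder. flags(final) ends processing for
#    the messages this path handles. If this statement were placed above
#    the forwarding path, those messages would never reach d_loghost.
log {
    source(s_remote);
    destination(d_local);
    flags(final);
};
```

Running `syslog-ng --syntax-only -f <file>` checks the file for syntax errors before a reload.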

good call

hire-vladimir, Dec 09 '15 04:12

also add example of HWF/idx sending syslog to 3rd party

hire-vladimir, Dec 10 '15 20:12