Hello Jed,

sorry for the late answer. Unfortunately we do not have experience with RSA Archer.

I browsed their website, but I have only found examples about log collection, nothing about forwarding it.

Can you point me towards some documentation? (tip: I wireshark examination might be helpful in this situation.)

Br,

Laci

On Tue, Jul 24, 2018 at 8:46 PM, Carter, Jed <JCARTER15@partners.org> wrote:

Hi,

We are trying to configure RSA Archer to send its logs to our syslog-ng server. When the engineers push data to syslog-ng we see it in the logs but the Archer engineers say they are the three-way handshake occur so Archer stops sending data. They seem to think it’s our config but I have RSA Netwitness sending logs to syslog-ng without any issues. Has anyone seen this problem before or know of a solution that I can try?

Thanks,

Jed

The information in this e-mail is intended only for the person to whom it is
addressed. If you believe this e-mail was sent to you in error and the e-mail
contains patient information, please contact the Partners Compliance HelpLine at
http://www.partners.org/complianceline . If the e-mail was sent to you in error
but does not contain patient information, please contact the sender and properly
dispose of the e-mail.

______________________________________________________________________________
Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng
Documentation: http://www.balabit.com/support/documentation/?product=syslog-ng
FAQ: http://www.balabit.com/wiki/syslog-ng-faq