Hello Jed, sorry for the late answer. Unfortunately we do not have experience with RSA Archer. I browsed their website, but I have only found examples about log collection, nothing about forwarding it. Can you point me towards some documentation? (tip: I wireshark examination might be helpful in this situation.) Br, Laci On Tue, Jul 24, 2018 at 8:46 PM, Carter, Jed <JCARTER15@partners.org> wrote:

Hi,

We are trying to configure RSA Archer to send its logs to our syslog-ng server. When the engineers push data to syslog-ng we see it in the logs but the Archer engineers say they are the three-way handshake occur so Archer stops sending data. They seem to think it’s our config but I have RSA Netwitness sending logs to syslog-ng without any issues. Has anyone seen this problem before or know of a solution that I can try?

Thanks,

Jed

The information in this e-mail is intended only for the person to whom it is addressed. If you believe this e-mail was sent to you in error and the e-mail contains patient information, please contact the Partners Compliance HelpLine at http://www.partners.org/complianceline . If the e-mail was sent to you in error but does not contain patient information, please contact the sender and properly dispose of the e-mail.

____________________________________________________________ __________________ Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng Documentation: http://www.balabit.com/support/documentation/? product=syslog-ng FAQ: http://www.balabit.com/wiki/syslog-ng-faq