[syslog-ng] ArcSight Server As Destination?

Ivey, Chris Chris.ivey at acs-inc.com
Wed May 16 14:10:58 CEST 2007


Folks,
	Does anyone have any experience with using syslog-ng to forward
messages along to an ArcSight server?  I set it up for a support group here,
but apparently they are having issues.  Per ArcSight support:

<quote>
	"I looked over the information you had uploaded already, and is
actually a common issue. When syslog events are forwarded from one syslog
server to another syslog server, or pipe, or file, the forwarding syslog
server prepends timestamp and other information, which makes the message
unusable. 

	We require syslog message to adhere to the standard RFC syslog
format for the connector to read them, and when forwarding syslog messages
that is not the case and we are unable to support that configuration."
</quote>

Does anyone have any insight they can share with me for this issue?  The
group is now asking that I install their agent on my server, which I am VERY
loath to do since the box is about at its limit as it is.  Thanks all!

Chris Ivey

Affiliated Computer Services
Enterprise Management Integration Services
Infrastructure Management Senior Analyst

chris.ivey at acs-inc.com

"I have not failed, I have simply found 10,000 ways which do not work!" --
Thomas Edison
"When you find yourself in a hole, the best thing to do is stop digging!" --
Nick Stokes
"I reject your reality, and substitute my own!" -- Adam Savage

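A check for the condition the support reply quoted above describes, as an added example that is not part of the original post: it classifies each received line against the RFC 3164 header layout (`<PRI>Mmm dd hh:mm:ss HOST ...`) and flags lines whose body begins with a second timestamp and host. Reading "standard RFC syslog format" as RFC 3164 is an assumption, and the sample lines and host names are constructed.

```python
import re
from collections import Counter

# RFC 3164 header: <PRI>Mmm dd hh:mm:ss HOSTNAME, followed by TAG and content.
MONTHS = "Jan|Feb|Mar|Apr|May|Jun|Jul|Aug|Sep|Oct|Nov|Dec"
# Days below 10 are space-padded in RFC 3164 ("May  6").
TIMESTAMP = rf"(?:{MONTHS}) (?: [1-9]|[12]\d|3[01]) \d\d:\d\d:\d\d"
HEADER = re.compile(rf"^<(\d{{1,3}})>({TIMESTAMP}) (\S+) (.*)$", re.S)
# A second "timestamp host" pair at the start of the body means a relay
# wrapped an already-formatted message in a new header.
NESTED = re.compile(rf"^(?:<\d{{1,3}}>)?{TIMESTAMP} \S+ ")


def classify(line: str) -> str:
    """Return 'ok', 'no-pri', 'bad-header', 'bad-pri' or 'nested-header'."""
    line = line.rstrip("\n")
    if not line.startswith("<"):
        return "no-pri"        # typical of lines read back from a file or pipe
    m = HEADER.match(line)
    if not m:
        return "bad-header"    # PRI present, but timestamp/host not RFC 3164
    if int(m.group(1)) > 191:  # PRI = facility * 8 + severity, max 23*8+7
        return "bad-pri"
    if NESTED.match(m.group(4)):
        return "nested-header"
    return "ok"


def audit(lines):
    """Count how many lines fall into each class."""
    return Counter(classify(l) for l in lines)


# Constructed sample input: one clean line, then four malformed variants.
SAMPLE = [
    "<13>May 16 14:10:58 web01 sshd[412]: Accepted publickey for admin",
    "<13>May 16 14:11:02 relay01 May 16 14:10:58 web01 sshd[412]: Accepted",
    "May 16 14:10:58 web01 sshd[412]: Accepted publickey for admin",
    "<999>May 16 14:10:58 web01 sshd[412]: Accepted publickey for admin",
    "<13>2007-05-16T14:10:58 web01 sshd[412]: Accepted publickey for admin",
]

if __name__ == "__main__":
    for text in SAMPLE:
        print(f"{classify(text):14} {text}")
```

Running it over a capture of what the relay actually sends (for example, lines saved from the destination port) shows whether the forwarded stream is being re-wrapped before any change is made to the relay or the receiving connector.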