[syslog-ng] ArcSight Server As Destination?
Ivey, Chris
Chris.ivey at acs-inc.com
Fri May 18 14:09:31 CEST 2007
Many thanks to those of you who responded to this question already. I have
decided to "raise the B.S. flag" with ArcSight on this one. The more I talk
to the person here who is acting as the middle-man between myself and
ArcSight, the more I think that ArcSight has an issue on their side. I will
more than likely be re-posting after talking directly to ArcSight next week.
Thanks all!
Chris Ivey
Affiliated Computer Services
Enterprise Management Integration Services
Infrastructure Management Senior Analyst
chris.ivey at acs-inc.com
"I have not failed, I have simply found 10,000 ways which do not work!" --
Thomas Edison
"When you find yourself in a hole, the best thing to do is stop digging!" --
Nick Stokes
"I reject your reality, and substitute my own!" -- Adam Savage
-----Original Message-----
From: syslog-ng-bounces at lists.balabit.hu
[mailto:syslog-ng-bounces at lists.balabit.hu] On Behalf Of Balazs Scheidler
Sent: Thursday, May 17, 2007 3:45 PM
To: Syslog-ng users' and developers' mailing list
Subject: Re: [syslog-ng] ArcSight Server As Destination?
On Thu, 2007-05-17 at 08:38 -0700, Evan Rempel wrote:
> Balazs Scheidler wrote:
> > Syslog-ng forwards messages in the same
> > format as it receives it, it does not prepend headers, only replaces
> > values if it is configured to do so.
>
> Really? My experience is one where syslong-ng receives a syslog message
that does NOT
> contain a timestamp, and syslog-ng forwards it with a timestamp because
the receiver
> portion of syslog-ng has added a timestamp.
I meant that syslog messages are forwarded as syslog messages. If your
incoming messages lack a header, then those are not syslog messages.
You can remove outgoing headers by using a custom template and not
adding the $DATE and $HOST portions.
You can also prevent syslog-ng to try to parse a message as syslog
message by using the flags(no-parse) option for the source.
--
Bazsi
_______________________________________________
syslog-ng maillist - syslog-ng at lists.balabit.hu
https://lists.balabit.hu/mailman/listinfo/syslog-ng
Frequently asked questions at http://www.campin.net/syslog-ng/faq.html
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.balabit.hu/pipermail/syslog-ng/attachments/20070518/b9883bbe/attachment.html
More information about the syslog-ng
mailing list