[syslog-ng] ArcSight Server As Destination?

Tom Le dottom at gmail.com
Tue May 22 04:39:13 CEST 2007


On Mon, 2007-05-21 at 09:23 -0500, Ivey, Chris wrote:
> As I was discussing this issue with a colleague this AM, the question
> arose as to whether or not the restamping of messages from syslog-ng
> can be turned on and off for selected destinations, or if that was a
> global option.  Anyone know?

If you can provide an example of the following, we can provide some
recommendations:

1. Original syslog message
2. Current forwarded syslog message (received by ArcSight)
3. Desired forwarded syslog message (the format ArcSight requires)
4. Your syslog-ng.conf (remove any IPs or other private info)

Should be easy to solve either with templates or by modifying syslog-ng
options.  Also let us know if there are multiple syslog-ng servers involved
(e.g. Unix server forwarding to centralized syslog-ng server forwarding to
ArcSight).