[syslog-ng] Syslog-ng OSE with Juniper SIEM

PÁSZTOR György pasztor at linux.gyakg.u-szeged.hu
Mon Jun 8 10:49:43 CEST 2015


"Muhammad Asim" <masim at juniper.net> wrote on 2015-06-08 at 07:46:
> Thanks, the main objective is to reduce the EPS rate towards the SIEM, which is Juniper Secure Analytics (QRadar).
> So my question is: if the syslog-ng OSE is getting 100K logs/sec, would I be able to send those logs to the QRadar system with a reduced EPS rate, i.e. 2500 EPS?

I am not sure if I understand you well.
How did you plan to achieve that?
Drop 97.5% of the logs based on...?
Or do the logs correlate with each other, and in reality 40 log events are
about one "real"/big event, which should somehow be transformed into one?
Can you show an example of what you would expect?
E.g. show 200 incoming log events as an example, and show the other 5 which should
leave syslog-ng towards QRadar?

Kind regards,
György Pásztor
