[syslog-ng] eStreamer src Integration

Scheidler, Balázs balazs.scheidler at balabit.com
Sun Jul 30 20:04:44 UTC 2017


Hi,

I have quickly checked out this document:
http://www.cisco.com/c/en/us/td/docs/security/firesight/540/api/estreamer/EventStreamerIntegrationGuide/Protocol.html

It seems that it is a protocol that is completely independent of syslog.
The connection is established in a reverse direction (e.g. the node that
wants to get logs has to establish the connection), then it needs to
specify the kind of messages it is interested in and then receive the
messages on the same connection.

This probably requires a dedicated source driver in syslog-ng. I think the
various language bindings would not support this, so it has to be written
in C. Alternatively you can write a program that polls these messages and
writes them to stdout, which then can be processed by syslog-ng.

-- 
Bazsi

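An added sketch (not part of this thread, nor syslog-ng's or Cisco's own code) of the stdout-bridge approach Bazsi describes: the collector opens the connection, sends a subscription request, reads event frames on the same socket, and writes one line per event for a syslog-ng `program()` source to consume. The 12-byte header, the message type numbers and the request body layout are assumptions to verify against the linked guide, and the sketch speaks plain TCP where the real service sits behind TLS.

```python
"""Stdout bridge for a length-framed binary event protocol, eStreamer-style:
the log collector is the TCP client, subscribes once, then streams events."""
import socket
import struct
import sys

# Assumed framing: 4-byte header version, 4-byte message type, 4-byte body
# length, all big-endian, then the body. Verify against the vendor guide.
HEADER = struct.Struct("!III")
HEADER_VERSION = 1
MSG_ERROR, MSG_EVENT_REQUEST, MSG_EVENT_DATA = 1, 2, 3  # assumed type numbers
MAX_BODY = 1 << 20  # reject absurd lengths before allocating anything

def build_frame(msg_type, body):
    return HEADER.pack(HEADER_VERSION, msg_type, len(body)) + body

def build_event_request(since_ts, flags):
    # Assumed body layout: 4-byte start timestamp + 4-byte request flags.
    return build_frame(MSG_EVENT_REQUEST, struct.pack("!II", since_ts, flags))

def parse_frames(buf):
    """Split a buffer into complete (type, body) frames and return them with
    the unparsed tail, so a partial frame is kept until more data arrives."""
    frames = []
    while len(buf) >= HEADER.size:
        version, msg_type, length = HEADER.unpack_from(buf)
        if version != HEADER_VERSION or length > MAX_BODY:
            raise ValueError(f"bad frame header: version={version} len={length}")
        if len(buf) < HEADER.size + length:
            break  # partial frame, wait for the rest
        frames.append((msg_type, bytes(buf[HEADER.size:HEADER.size + length])))
        buf = buf[HEADER.size + length:]
    return frames, buf

def event_to_line(msg_type, body):
    """One event per line; hex-encode the body so binary bytes cannot break
    the line-oriented stdout channel that syslog-ng reads."""
    kind = "ESTREAMER_ERROR" if msg_type == MSG_ERROR else "ESTREAMER_EVENT"
    return f"{kind} type={msg_type} len={len(body)} body={body.hex()}"

def run(host, port, since_ts=0, flags=0):
    with socket.create_connection((host, port)) as sock:
        sock.sendall(build_event_request(since_ts, flags))
        buf = b""
        while chunk := sock.recv(65536):
            frames, buf = parse_frames(buf + chunk)
            for msg_type, body in frames:
                print(event_to_line(msg_type, body), flush=True)
```

Start it with `run(host, port)` from a small wrapper script and point a syslog-ng `program()` source at that script; each stdout line then arrives as a separate message.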
On Fri, Jul 28, 2017 at 9:08 PM, Scot <scotrn at gmail.com> wrote:

> Has anyone looked at sending Cisco eStreamer events to syslog-ng ?
>
> We have a couple Cisco Firepower management centers and I would rather use
> syslog-ng over sending directly to splunk so that we may use other
> integrations like elastic and our NMS.
>
> I have the eStreamer SDK on my syslog-ng server and wondered if anyone
> else has worked on this. Search of the user archive says no.
>
>
> Thanks
> Scot
>
>