[syslog-ng] use of Syslog-ng to filter logs for forwarding to Splunk

Fekete, Róbert robert.fekete at balabit.com
Thu May 18 11:37:23 UTC 2017


Hi Stuart,

Although it is not explicitly mentioned in the docs (I should add a section
sometime), syslog-ng can do this. You can find more details about it in
these Splunk blogposts:
https://www.splunk.com/blog/2017/03/30/syslog-ng-and-hec-scalable-aggregated-data-collection-in-splunk.html
https://www.splunk.com/blog/2016/03/11/using-syslog-ng-with-splunk/

HTH,
Robert


On Thu, May 18, 2017 at 1:12 PM, Stuart Martin <S.Martin at sstl.co.uk> wrote:

> Hi
>
> We are looking to collect logs from servers and devices in our DMZ and
> then filter the logs of unnecessary information to then be sent to our
> internal Splunk instance.
>
> Would Syslog-ng OSE edition be capable of this task?
>
> I’ve started to read through your excellent documentation for the OSE
> edition, and I was wondering what route I should take to configure it for
> the scenario described above? The link I am thinking is correct is the “To
> configure syslog-ng OSE as a relay that receives log messages from client
> hosts and forwards them to a central logserver, see *Procedure 4.2,
> Configuring syslog-ng on server hosts*
> <https://www.balabit.com/sites/default/files/documents/syslog-ng-ose-latest-guides/en/syslog-ng-ose-guide-admin/html/configure-servers.html>.”
>
> Does that sound correct?
>
> Many Thanks
>
> Kind Regards
>
> *Stuart Martin*
> *Infrastructure Security Engineer*
> Surrey Satellite Technology Ltd
> Tycho House, 20 Stephenson Road, Surrey Research Park, Guildford, GU2 7YE
> Tel: +44 (0)1483 803803 | Fax: +44 (0)1483 803804 | Email: s.martin at sstl.co.uk
> www.sstl.co.uk http://twitter.com/SurreySat
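A relay configuration for the scenario Stuart describes, added here as an illustration rather than taken from the thread, the syslog-ng docs or the linked Splunk posts: it receives syslog from DMZ hosts, keeps an unfiltered local copy, drops noise with a filter, and forwards the remainder to the internal Splunk HTTP Event Collector, which is the route Robert's first link covers. The listener ports, the archive path, the three filter clauses, the Splunk hostname and the token are all assumptions, and the http() destination requires a syslog-ng OSE build (3.8 or later) that includes that module.

```conf
@version: 3.9

# Relay-side options: keep the originating DMZ hostname in $HOST rather than the relay's.
options {
    keep-hostname(yes);
    chain-hostnames(no);
    create-dirs(yes);
};

# Receive syslog from DMZ servers and devices; UDP for appliances that cannot do TCP.
source s_dmz {
    network(ip("0.0.0.0") port(514) transport("udp"));
    network(ip("0.0.0.0") port(514) transport("tcp"));
};

# Full local copy before any filtering (one file per host and day), so an overly
# aggressive filter never costs the only record of an event.
destination d_dmz_archive {
    file("/var/log/dmz/${HOST}/${YEAR}${MONTH}${DAY}.log");
};

# Forward everything that is NOT noise. Each clause is a constructed example;
# tune them to what the DMZ actually sends.
filter f_forward {
    not (
        level(debug)                    # debug-level chatter
        or program("^(cron|CRON)$")     # routine scheduler lines
        or message("^-- MARK --$")      # syslogd keepalive markers
    );
};

# Filtered stream to the internal Splunk HEC over HTTPS. Hostname and token are
# placeholders; format-json produces a correctly escaped JSON event body.
destination d_splunk_hec {
    http(
        url("https://splunk.internal.example:8088/services/collector/event")
        headers("Authorization: Splunk <HEC-TOKEN-PLACEHOLDER>")
        body("$(format-json --pair time=${UNIXTIME} --pair host=${HOST} --pair source=${PROGRAM} --pair event=${MSG})")
    );
};

# Log path elements run in order: archive first, then filter, then Splunk.
log {
    source(s_dmz);
    destination(d_dmz_archive);   # unfiltered
    filter(f_forward);            # drop noise
    destination(d_splunk_hec);    # only what passed the filter
};
```

Check the result with `syslog-ng --syntax-only` before reloading, and compare the archive against what arrives in Splunk for a day to confirm the filter drops only what was intended.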