[syslog-ng] use of Syslog-ng to filter logs for forwarding to Splunk
Stuart Martin
S.Martin at sstl.co.uk
Thu May 18 11:45:19 UTC 2017
Hi Robert,
Great, thanks for coming back to me so quickly with very useful information. Can I just confirm that the OSE will support this, and that we don’t need Premium or anything?
Many Thanks
Kind Regards
Stuart
From: syslog-ng [mailto:syslog-ng-bounces at lists.balabit.hu] On Behalf Of Fekete, Róbert
Sent: 18 May 2017 12:37
To: Syslog-ng users' and developers' mailing list <syslog-ng at lists.balabit.hu>
Subject: Re: [syslog-ng] use of Syslog-ng to filter logs for forwarding to Splunk
Hi Stuart,
Although it is not explicitly mentioned in the docs (I should add a section sometime), syslog-ng can do this. You can find more details about it in these Splunk blog posts:
https://www.splunk.com/blog/2017/03/30/syslog-ng-and-hec-scalable-aggregated-data-collection-in-splunk.html
https://www.splunk.com/blog/2016/03/11/using-syslog-ng-with-splunk/
HTH,
Robert
On Thu, May 18, 2017 at 1:12 PM, Stuart Martin <S.Martin at sstl.co.uk> wrote:
Hi
We are looking to collect logs from servers and devices in our DMZ and then filter the logs of unnecessary information to then be sent to our internal Splunk instance.
Would Syslog-ng OSE edition be capable of this task?
I’ve started to read through your excellent documentation for the OSE edition, and I was wondering what route I should take to configure it for the scenario described above. The link I am thinking is correct is the “To configure syslog-ng OSE as a relay that receives log messages from client hosts and forwards them to a central logserver, see Procedure 4.2, Configuring syslog-ng on server hosts<https://www.balabit.com/sites/default/files/documents/syslog-ng-ose-latest-guides/en/syslog-ng-ose-guide-admin/html/configure-servers.html>.”
Does that sound correct?
Many Thanks
Kind Regards
Stuart Martin
Infrastructure Security Engineer
Surrey Satellite Technology Ltd
Tycho House, 20 Stephenson Road, Surrey Research Park, Guildford, GU2 7YE
Tel: +44 (0)1483 803803 | Fax: +44 (0)1483 803804 | Email: s.martin at sstl.co.uk
www.sstl.co.uk http://twitter.com/SurreySat
This e-mail and any attachments may contain confidential and privileged information. If you are not the intended recipient, please notify the sender
immediately by return e-mail, delete this e-mail and destroy any copies. Any dissemination or use of this information by a person other than the
intended recipient is unauthorized and may be illegal.
________________________________
The information contained in this message is intended for the addressee only and may contain sensitive information. If you are not the addressee, please delete this message and notify the sender; you should not copy or distribute this message or disclose its contents to anyone. Any views or opinions expressed in this message are those of the individual(s) and not necessarily of the organisation. No reliance may be placed on this message without written confirmation from an authorised representative of its contents. No guarantee is implied that this message or any attachment is virus free or has not been intercepted and amended.
________________________________
______________________________________________________________________________
Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng
Documentation: http://www.balabit.com/support/documentation/?product=syslog-ng
FAQ: http://www.balabit.com/wiki/syslog-ng-faq