[Oisf-users] Syslog - fast.log - rsyslog
Greg Grasmehr
greg.grasmehr at caltech.edu
Wed Apr 11 00:22:32 UTC 2018
AFAIK you either have to configure local rsyslog to monitor the fast.log
output with imfile and forward it, or do as we do and output to a unified2
file and use Barnyard2 to forward to local5 and configure your local
rsyslog.conf to forward to your remote server.
Greg
On 04/10/18 23:29:53, Tiago Faria wrote:
> Hi list,
>
> In an environment where my syslog data is being forwarded to a collector (SIEM,
> for example), previously, I was able to get the output that can be found in
> fast.log from syslog itself (and those messages would end up in the SIEM).
>
> On my latest test, though, I can’t.
>
> Other than specifying the syslog output, is there anything that needs to be
> done so that Suricata also writes to syslog (in this particular case, rsyslog)?
>
> Thank you.
> _______________________________________________
> Suricata IDS Users mailing list: oisf-users at openinfosecfoundation.org
> Site: http://suricata-ids.org | Support: http://suricata-ids.org/support/
> List: https://lists.openinfosecfoundation.org/mailman/listinfo/oisf-users
>
> Conference: https://suricon.net
> Trainings: https://suricata-ids.org/training/
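Both paths Greg describes end in the local rsyslog.conf. The fragment below is an added example, not configuration from this thread or from the Suricata project; it assumes the default fast.log location /var/log/suricata/fast.log, a collector named siem.example.internal listening on TCP 514, and the local5 facility Greg mentions for the Barnyard2 path. The first part tails fast.log with imfile and forwards each line; the second part forwards whatever arrives on local5 (from Barnyard2, or from Suricata's own syslog output if that is pointed at local5) to the same collector.

```conf
# --- Option 1: tail fast.log with imfile and forward it ---
module(load="imfile")                      # file-input module

input(type="imfile"
      File="/var/log/suricata/fast.log"    # assumed default path
      Tag="suricata-fast:"                  # tag visible at the collector
      Facility="local5"
      Severity="info"
      ruleset="suricata_forward")

ruleset(name="suricata_forward") {
    # omfwd: ship to the collector over TCP; queue so a SIEM outage
    # does not block or drop alerts
    action(type="omfwd"
           target="siem.example.internal"   # assumed collector
           port="514"
           protocol="tcp"
           queue.type="LinkedList"
           queue.size="10000"
           action.resumeRetryCount="-1")
    stop                                    # do not also write to local files
}

# --- Option 2: forward anything logged to local5 (Barnyard2 -> syslog) ---
if $syslogfacility-text == "local5" then {
    action(type="omfwd"
           target="siem.example.internal"
           port="514"
           protocol="tcp")
}
```

After editing, validate the syntax with `rsyslogd -N1` before restarting the daemon, and confirm the local5 path with `logger -p local5.info "suricata forward test"` while watching the collector. The rsyslog service account also needs read permission on fast.log, which is a common reason the imfile path stays silent.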