That should be @@server:514 Greg On 04/11/18 10:29:28, Tiago Faria wrote: > Thanks Greg! Makes sense. > > Using the following in rsyslog.conf: > > input ( > type="imfile" > File="/var/log/suricata/fast.log" > Tag="Suricata" > Severity="info" > Facility="local5") > > and relaying all facility to the SIEM, with: > > *.* @server:514 >