[Oisf-users] Syslog - fast.log - rsyslog
Tiago Faria
tiago.faria.backups at gmail.com
Thu Apr 12 08:45:15 UTC 2018
I'm actually using UDP for sending the messages, therefore the single @.
Still can't get any messages from fast.log, though. All syslog is sent
except for the imfile directive for fast.log. :/
On Wed, Apr 11, 2018 at 11:33 PM, Greg Grasmehr <greg.grasmehr at caltech.edu>
wrote:
> That should be @@server:514
>
> Greg
>
> On 04/11/18 10:29:28, Tiago Faria wrote:
> > Thanks Greg! Makes sense.
> >
> > Using the following in rsyslog.conf:
> >
> > input (
> > type="imfile"
> > File="/var/log/suricata/fast.log"
> > Tag="Suricata"
> > Severity="info"
> > Facility="local5")
> >
> > and relaying all facilities to the SIEM, with:
> >
> > *.* @server:514
> >
>
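
An end-to-end imfile-to-forwarder configuration of the kind discussed in this thread, added here as an example and not written by either poster. The `module(load="imfile")` line, the `local5.*` selector and the host name `siem.example.org` are assumptions that do not appear in the original messages.

```rsyslog
# Added example, not from the thread.
# Load the file-input module once, before any imfile input() statement.
module(load="imfile")

# Follow Suricata's fast.log and label every line read from it.
# Parameter values are the ones posted in the thread.
# The account rsyslog runs as needs read access to this file.
input(type="imfile"
      File="/var/log/suricata/fast.log"
      Tag="Suricata"
      Severity="info"
      Facility="local5")

# Forward the facility assigned above to the SIEM.
# siem.example.org is a placeholder host (assumption).
# A single "@" sends over UDP:
local5.* @siem.example.org:514

# A double "@@" sends over TCP instead:
# local5.* @@siem.example.org:514
```

Running `rsyslogd -N1` checks the configuration for syntax errors without starting the daemon.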