[Oisf-users] Syslog - fast.log - rsyslog

Tiago Faria tiago.faria.backups at gmail.com
Thu Apr 12 09:12:32 UTC 2018


As a follow-up ... Permissions. rsyslog couldn't read the log file.
Creating a discussion list thread for incorrect permissions is
embarrassing, to say the least! :) rsyslog can now read and the information
I posted before forwards the log just fine.

On Thu, Apr 12, 2018 at 9:45 AM, Tiago Faria <tiago.faria.backups at gmail.com>
wrote:

> I'm actually using UDP for sending the messages, therefore the single @.
> Still can't get any messages from fast.log, though. All syslog is sent
> except for the imfile directive for fast.log. :/
>
> On Wed, Apr 11, 2018 at 11:33 PM, Greg Grasmehr <greg.grasmehr at caltech.edu> wrote:
>
>> That should be @@server:514
>>
>> Greg
>>
>> On 04/11/18 10:29:28, Tiago Faria wrote:
>> > Thanks Greg! Makes sense.
>> >
>> > Using the following in rsyslog.conf:
>> >
>> > input (
>> >         type="imfile"
>> >         File="/var/log/suricata/fast.log"
>> >         Tag="Suricata"
>> >         Severity="info"
>> >         Facility="local5")
>> >
>> > and relaying all facility to the SIEM, with:
>> >
>> > *.* @server:514
>> >
>>
>
>
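
The cause reported at the top of this message was that rsyslog could not read fast.log. As an added example (not part of the thread and not Suricata or rsyslog code), this script walks the path to a log file and reports the first directory or file whose mode bits block a given account. It assumes GNU coreutils; the account name `syslog` in the usage comment is an assumption, since the thread does not say which account rsyslog runs as.

```shell
#!/bin/sh
# Added example, not from the thread. Finds the first path component whose
# mode bits stop ACCOUNT from reading FILE. Assumes GNU coreutils (stat -c,
# readlink -f) and plain mode bits; ACLs, SELinux and AppArmor are not checked.

# mode_allows MODE CLASS BIT: does octal MODE grant BIT (4=read, 1=search)
# to CLASS (u, g or o)?
mode_allows() (
    case $2 in u) div=64 ;; g) div=8 ;; *) div=1 ;; esac
    [ $(( (0$1 / $div) & $3 )) -ne 0 ]
)

# perm_class ACCOUNT "GROUPS" OWNER GROUP: print the class the kernel applies.
perm_class() (
    if [ "$1" = "$3" ]; then echo u; exit 0; fi
    for g in $2; do
        if [ "$g" = "$4" ]; then echo g; exit 0; fi
    done
    echo o
)

# check_log_access ACCOUNT FILE: 0 = readable, 1 = blocked (reason printed),
# 2 = account or path could not be resolved. Run it as root so every
# component can be inspected.
check_log_access() (
    account=$1
    file=$(readlink -f "$2") || exit 2
    uid=$(id -u "$account") || exit 2
    if [ "$uid" -eq 0 ]; then exit 0; fi          # root bypasses mode bits
    groups=$(id -Gn "$account") || exit 2
    path= rest=${file#/}
    while [ -n "$rest" ]; do
        path=$path/${rest%%/*}
        case $rest in
            */*) rest=${rest#*/}; bit=1 ;;        # directory: needs search (x)
            *)   rest=;           bit=4 ;;        # the log file: needs read (r)
        esac
        info=$(stat -c '%U %G %a' "$path") || exit 2
        set -- $info                              # $1 owner, $2 group, $3 mode
        class=$(perm_class "$account" "$groups" "$1" "$2")
        if ! mode_allows "$3" "$class" "$bit"; then
            echo "$account blocked at $path ($1:$2 mode $3, class $class)"
            exit 1
        fi
    done
)

# Example (account name is an assumption; use the one rsyslog runs as):
#   check_log_access syslog /var/log/suricata/fast.log
if [ "$#" -eq 2 ]; then check_log_access "$1" "$2"; fi
```

The group list comes from `id`, so a daemon started before a group change still runs with its old groups until it is restarted.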

