[rsyslog-notify] Forum Thread: Re: omudspoof and ASA - (Mode 'reply')

noreply at adiscon.com noreply at adiscon.com
Tue Feb 25 01:07:33 CET 2014


User: zangfro 
Forumlink: http://kb.monitorware.com/viewtopic.php?p=24253#p24253

Message: 
----------
With that configuration, from what I was told, the rsyslog closest to the
SIEM would spoof the IP to that of the far-end rsyslog server, so all logs
would appear as if they were coming from there and not the individual
devices. I am doing a little more research; we have two different SIEMs,
and one of them had the parsing issue which made us implement the UDP spoof
module.

