[rsyslog-notify] Forum Thread: Re: Inserting information into Log received from remote host - (Mode 'reply')
noreply at adiscon.com
Tue Nov 3 20:29:49 CET 2015
User: dlang
Forumlink: http://kb.monitorware.com/viewtopic.php?p=26101#p26101
Message:
----------
Probably not, but it depends on what format your SIEM is looking for.
Write the output to a file and you can see what the resulting format looks
like.
Unless the SIEM has broken syslog handling (which several do), you should
not need to send raw logs. If it is broken, you may need to use the
omudpspoof module. It all depends on what the SIEM is doing to figure out
what the host is.