[rsyslog-notify] Forum Thread: ArcSight CEF to RSyslog - (Mode 'post')
noreply at adiscon.com
Thu Apr 28 14:06:13 CEST 2016
User: lasha
Forumlink: http://kb.monitorware.com/viewtopic.php?p=26511#p26511
Message:
----------
Hi,
I am using ArcSight to send some data to RSyslog in CEF format (CEF
Syslog). But ArcSight generates records in version 2.2 of CEF, and there is a
severity name instead of a severity ID. RSyslog cannot understand this
format and it needs the ID. Can I manage the RSyslog configuration so that it
"reads" the severity name? Are there any ideas?
Thanks for your answers in advance.
PS: CEF:0|ArcSight|ArcSight|7.1.7.7600.0|agent:036|Device connection
up|Low| eventId=2...
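
Added example, not part of the original post and not rsyslog's own code: a preprocessing filter that rewrites a CEF severity name as a number before the record is passed on. The name-to-integer bands (0-3 Low, 4-6 Medium, 7-8 High, 9-10 Very-High) follow the CEF header definition; picking the lowest integer of each band, the function names, and the extension text in the sample are assumptions of this example.

```python
# Assumption: each severity name maps to the lowest integer of its CEF band.
NAME_TO_ID = {"low": 0, "medium": 4, "high": 7, "very-high": 9}

def split_header(cef):
    """Split on the first 7 unescaped pipes; return (header_fields, extension)."""
    fields, cur, i = [], [], 0
    while i < len(cef) and len(fields) < 7:
        ch = cef[i]
        if ch == "\\" and i + 1 < len(cef):
            # Keep escape sequences such as \| and \\ intact inside a field.
            cur.append(cef[i:i + 2])
            i += 2
            continue
        if ch == "|":
            fields.append("".join(cur))
            cur = []
        else:
            cur.append(ch)
        i += 1
    if len(fields) < 7:
        raise ValueError("not a complete CEF header")
    return fields, cef[i:]

def normalize(line):
    """Return the line with a named severity replaced by its numeric ID."""
    start = line.find("CEF:")
    if start < 0:
        return line                      # not a CEF record
    try:
        fields, ext = split_header(line[start:])
    except ValueError:
        return line                      # truncated header: pass through
    sev = NAME_TO_ID.get(fields[6].strip().lower())
    if sev is None:
        return line                      # already numeric, Unknown, or unrecognized
    fields[6] = str(sev)
    # Any syslog prefix before "CEF:" is preserved unchanged.
    return line[:start] + "|".join(fields) + "|" + ext

if __name__ == "__main__":
    # Header taken from the post; the extension is constructed for the example.
    sample = ("CEF:0|ArcSight|ArcSight|7.1.7.7600.0|agent:036|"
              "Device connection up|Low| msg=constructed sample")
    print(normalize(sample))
```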