[rsyslog-notify] Forum Thread: Re: Rule block issue - (Mode 'reply')
noreply at adiscon.com
Tue Mar 14 23:01:50 CET 2017
User: dlang
Forumlink: http://kb.monitorware.com/viewtopic.php?p=27196#p27196
Message:
----------
If you enable impstats it will tell you how many log messages that action
has processed, which will tell you for sure if it's sending messages or if
the messages are not getting through.
It's possible that your SIEM system is not seeing or not understanding the
messages that you are sending it, and therefore is misfiling them. I like to
do test messages with the string 'testtest' in them and then search for
that string on the destination system. Odds are that they are getting
through, but just not getting interpreted the way you think they should.
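
An added example, not part of the post above and not rsyslog's own code: a small reader for impstats output that compares two intervals for one action and says which side of the link to investigate. It assumes impstats writes its legacy key=value lines to a file, that counters are cumulative, and that the forwarding action was given the hypothetical name "to_siem"; the sample lines are constructed.

```python
import re

# Constructed impstats lines (legacy key=value format), two intervals.
# "to_siem" is a hypothetical action name, set with name="to_siem" on the action.
SAMPLE = """\
Tue Mar 14 22:59:50 2017: to_siem: origin=core.action processed=120 failed=0 suspended=0 suspended.duration=0 resumed=0
Tue Mar 14 22:59:50 2017: imuxsock: origin=imuxsock submitted=130 ratelimit.discarded=0 ratelimit.numratelimiters=0
Tue Mar 14 23:00:50 2017: to_siem: origin=core.action processed=157 failed=0 suspended=0 suspended.duration=0 resumed=0
Tue Mar 14 23:00:50 2017: imuxsock: origin=imuxsock submitted=167 ratelimit.discarded=0 ratelimit.numratelimiters=0
"""

KV = re.compile(r"([\w.]+)=(\d+)")


def action_samples(text, action):
    """Return the counter dicts logged for one action, in file order."""
    # Match the name only at line start or after whitespace, so "to_siem"
    # does not also match an action called "backup_to_siem".
    pat = re.compile(r"(?:^|\s)" + re.escape(action) + r": origin=core\.action (.*)")
    samples = []
    for line in text.splitlines():
        m = pat.search(line)
        if m:
            samples.append({k: int(v) for k, v in KV.findall(m.group(1))})
    return samples


def verdict(text, action):
    """Compare the first and last sample and say where to look next."""
    s = action_samples(text, action)
    if len(s) < 2:
        return "need at least two impstats intervals for this action"
    d = {k: s[-1].get(k, 0) - s[0].get(k, 0)
         for k in ("processed", "failed", "suspended")}
    if d["processed"] == 0:
        return "nothing reached this action: check the rule or filter in front of it"
    if d["failed"] or d["suspended"]:
        return (f"{d['processed']} processed, {d['failed']} failed, "
                f"{d['suspended']} suspended: delivery problem")
    return f"{d['processed']} processed, none failed: search for 'testtest' on the receiver"


if __name__ == "__main__":
    print(verdict(SAMPLE, "to_siem"))
```
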