cancel
Showing results for 
Search instead for 
Did you mean: 

Forwarding Syslog to ESM

I'm looking for a solution to send syslog events to ESM from a 3rd party solution.

The logs are coming from another location and I don't want to put another reciver at that location.  I would like to have the logs encrypted as well.

I looked into Splunk but I can't seem to find a way to get it to work.  Is anyone doing something like this?  If so, what are you using?

Thanks

3 Replies
feeeds
Level 9
Report Inappropriate Content
Message 2 of 4

Re: Forwarding Syslog to ESM

If your source is a linux/Unix, it should have a build in syslog server which can be configured to send over to Nitro. If not, I have used the snare clients in the past and have had luck with them. Just google snare for windows or snare for linux.  It's been a while since I used splunk, but from what I recall, its only a receiver, you can't use it to grab syslog, you need an agent to send events into splunk.

Re: Forwarding Syslog to ESM

More so looking to grab syslog from Routers,Switches and firewalls.

feeeds
Level 9
Report Inappropriate Content
Message 4 of 4

Re: Forwarding Syslog to ESM

We do the same thing. Routers send flows, and switches send events over syslog. They should (at least Cisco does) have the ability to send over syslog built in. Firewalls depend on the vendor, but typically you have to grab those, and McAfee should have a listener for most firewall vendors, you don't need to send those over syslog.