cancel
Showing results for 
Search instead for 
Did you mean: 
Highlighted
jp
Level 9
Report Inappropriate Content
Message 1 of 3

Import Multiple Syslog Data Sources from Single Server

Jump to solution

Hello All, 

I have a server that has two distinct types of Syslogs. The system syslogs are already being fed into SIEM over the standard port 514. 

I figured no big deal, I can send the other data source over a non-standard port.

However, when I go to set this up, the drop down for the port selection only gives me one option, 514. Is there a way to add more ports here or another work around which will let me setup unique data sources from the same server? 

 

1 Solution

Accepted Solutions
Reliable Contributor sssyyy
Reliable Contributor
Report Inappropriate Content
Message 2 of 3

Re: Import Multiple Syslog Data Sources from Single Server

Jump to solution

perhaps you can use TLS port, just don't check for validity. or have a look under the ERC interface comms tab, to see if you can specify more than one port for syslog.

2 Replies
Reliable Contributor sssyyy
Reliable Contributor
Report Inappropriate Content
Message 2 of 3

Re: Import Multiple Syslog Data Sources from Single Server

Jump to solution

perhaps you can use TLS port, just don't check for validity. or have a look under the ERC interface comms tab, to see if you can specify more than one port for syslog.

Reliable Contributor brenta
Reliable Contributor
Report Inappropriate Content
Message 3 of 3

Re: Import Multiple Syslog Data Sources from Single Server

Jump to solution

sssyyy is correct, you need to go to the receiver properties and add more ports to the syslog port list.

Brent
More McAfee Tools to Help You
  • Subscription Service Notification (SNS)
  • How-to: Endpoint Removal Tool
  • Support: Endpoint Security
  • eSupport: Policy Orchestrator