Hi, is it possible to send VRRP events to a remote syslog server (Splunk)? Right now we are not aware of any VRRP changes if we do not check the system/messages log. Would it be possible to send the content of the "messages" file via syslog?
Thanks in advance
If it's in /var/log/messages that means the message passed through the syslog daemon, so I would assume it's possible.
Did you try configuring a syslog rule like *.* @splunk?
Hi Jon, sorry for the delayed answer. I configured daemon.info @splunkIP:514 but still do not get any logs into the SIEM.
Furthermore, I found this entry in the message log: kernel: Kernel logging (proc) stopped.
If I configure *.* @splunkIP, wouldn't the proxy send all kinds of logs to the SIEM?
Thanks very much in advance
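
Added example, not part of any post in this thread: a small Python model of how the two selectors discussed above (daemon.info and *.*) decide which messages get forwarded, run over constructed sample lines. It assumes classic BSD/sysklogd "facility.priority" semantics, which the proxy's own syslog daemon may not follow exactly; the facility of the VRRP line (local0) is a made-up value, since the thread does not say which facility the device uses.

```python
import re

# Standard syslog facility and severity codes (RFC 3164 / RFC 5424).
FACILITY = {"kern": 0, "user": 1, "mail": 2, "daemon": 3, "auth": 4,
            "syslog": 5, "lpr": 6, "news": 7, "uucp": 8, "cron": 9,
            "authpriv": 10, "ftp": 11,
            **{f"local{i}": 16 + i for i in range(8)}}
SEVERITY = {"emerg": 0, "alert": 1, "crit": 2, "err": 3,
            "warning": 4, "notice": 5, "info": 6, "debug": 7}

def parse_pri(line):
    """Split the leading <PRI> into (facility, severity): PRI = facility*8 + severity."""
    m = re.match(r"<(\d{1,3})>", line)
    if not m or int(m.group(1)) > 191:
        raise ValueError(f"no valid <PRI> header: {line!r}")
    return divmod(int(m.group(1)), 8)

def selector_matches(selector, facility, severity):
    """Classic selector match: the named priority or anything more severe."""
    fac, _, prio = selector.partition(".")
    if fac != "*" and FACILITY[fac] != facility:
        return False
    if prio == "none":
        return False
    # Lower numeric severity means more severe, so "info" (6) excludes "debug" (7).
    return prio == "*" or severity <= SEVERITY[prio]

def forwarded(selector, lines):
    """Return the lines a rule with this selector would send to the remote host."""
    return [l for l in lines if selector_matches(selector, *parse_pri(l))]

# Constructed sample messages (facilities are assumptions, not taken from the device).
SAMPLE = [
    "<6>kernel: Kernel logging (proc) stopped.",        # kern.info
    "<134>vrrp: state transition BACKUP -> MASTER",     # local0.info (hypothetical)
    "<30>ntpd: time reset",                             # daemon.info
    "<31>ntpd: poll interval unchanged",                # daemon.debug
]

if __name__ == "__main__":
    for sel in ("daemon.info", "*.*"):
        hits = forwarded(sel, SAMPLE)
        print(f"{sel:12} forwards {len(hits)} of {len(SAMPLE)} messages")
        for line in hits:
            print("   ", line)
```

If the VRRP messages are emitted under a facility other than daemon, the daemon.info rule never selects them, which is one thing to check before widening the rule to *.*.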