3 Replies Latest reply on Jul 1, 2013 2:30 PM by althena

    Syslog-NG

    uzanatta

      Hi,

      how do I configure the syslog-ng server in order to send events to the Receiver?

      Thanks,

        • 1. Re: Syslog-NG

          # Local sources: syslog-ng's own internal messages plus the local system log
          source s_local { internal(); system(); };

          # Network sources: syslog received from other systems. Keep the sender's own
          # hostname and timestamp so the receiver can match events to the sending host
          # (keep_timestamp() takes yes/no; an empty argument list is a syntax error)
          source s_external {
              udp(keep_hostname(yes) keep_timestamp(yes));
              tcp(keep_hostname(yes) keep_timestamp(yes));
          };

          # Destination: the receiver, IETF syslog protocol over TCP on port 514
          destination d_nitro_siem_receiver { syslog("receiver.mycompany.com" transport("tcp") port(514)); };

          # Log path: plug both sources into the receiver destination
          log { source(s_local); source(s_external); destination(d_nitro_siem_receiver); };


          So basically you define your sources, in this case the syslog-ng server is a central logger, so one of the sources is syslog that it receives.

          Then you define the destinations where you will send and the protocol (TCP recommended).


          Finally, you define a log statement, plugging in the sources and destination you defined earlier.


          For your receiver, you will need to configure a data source client for each system that is sending syslog to the syslog-ng server, and it will work by hostname, not by IP.

          Then you add syslog-ng to your receiver as well as a single data source.

          1 of 1 people found this helpful
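          Added example (not from this thread or from syslog-ng): a small check of the point made above, that the receiver matches events to data source clients by hostname. It assumes the syslog() destination driver forwards RFC 5424-framed messages, that the receiver keys data sources on the HOSTNAME field, and uses constructed sample messages with hypothetical hostnames (fw01, web01, syslogng-central); an event whose HOSTNAME is not a configured client, such as one rewritten to the relay's own name, ends up unmatched.

```python
import re
from collections import Counter

# RFC 5424 header as forwarded by the syslog() destination driver:
# <PRI>VERSION TIMESTAMP HOSTNAME APP-NAME PROCID MSGID [SD] MSG
RFC5424_HEADER = re.compile(
    r"^<(?P<pri>\d{1,3})>(?P<ver>\d) (?P<ts>\S+) (?P<host>\S+) "
    r"(?P<app>\S+) (?P<procid>\S+) (?P<msgid>\S+) "
)

# Constructed sample messages (not captured from a real receiver). The first
# three carry the original client hostnames, as preserved by keep_hostname(yes);
# the last carries the relay's own name, for which no data source client exists.
SAMPLE_MESSAGES = [
    "<34>1 2013-07-01T14:30:00Z fw01 kernel - - - iptables: DROP IN=eth0",
    "<86>1 2013-07-01T14:30:01Z web01 sshd 1234 - - Accepted publickey for ops",
    "<86>1 2013-07-01T14:30:02Z fw01 kernel - - - iptables: DROP IN=eth0",
    "<86>1 2013-07-01T14:30:03Z syslogng-central sshd 77 - - Failed password for root",
]

# Data source clients configured on the receiver: one per sending system, keyed by hostname
DATA_SOURCES = {"fw01", "web01"}


def parse_hostname(line):
    """Return the HOSTNAME field of an RFC 5424 message, or None if the header does not parse."""
    m = RFC5424_HEADER.match(line)
    return m.group("host") if m else None


def route_to_data_sources(lines, data_sources):
    """Count events per data source client; hostnames with no client land in 'unmatched'."""
    counts = Counter()
    for line in lines:
        host = parse_hostname(line)
        counts[host if host in data_sources else "unmatched"] += 1
    return dict(counts)


if __name__ == "__main__":
    for host, n in sorted(route_to_data_sources(SAMPLE_MESSAGES, DATA_SOURCES).items()):
        print(f"{host}: {n}")
```

If every event lands in "unmatched", the HOSTNAME field is not what the receiver's data source clients were named after, which is the first thing to check when a syslog-ng relay is inserted in front of the receiver.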
          • 2. Re: Syslog-NG
            uzanatta

            Hi,


            thank you very much. Do you think that I need to set "chain_hostname(no)" too?

            • 3. Re: Syslog-NG

              I didn't need to and in my own test it didn't change the output at all... so I do not know.