      How do I configure the syslog-ng server in order to send events to the Receiver?



        • 1. Re: Syslog-NG

          # Local sources: syslog-ng's own internal messages plus the platform log socket
          source s_local {
              internal();
              system();
          };

          # Network sources: keep the sender's HOSTNAME and timestamp instead of
          # rewriting them with the relay's own (the Receiver matches by hostname).
          # keep_timestamp() needs an explicit yes/no argument.
          source s_external {
              udp(keep_hostname(yes) keep_timestamp(yes));
              tcp(keep_hostname(yes) keep_timestamp(yes));
          };

          # Forward to the Receiver over TCP. Note that the syslog() driver sends
          # IETF-format (RFC 5424) messages; if the Receiver expects BSD-style lines,
          # use the network() or tcp() driver instead.
          destination d_nitro_siem_receiver {
              syslog("receiver.mycompany.com" transport("tcp") port(514));
          };

          # Plug the sources and the destination together
          log {
              source(s_local);
              source(s_external);
              destination(d_nitro_siem_receiver);
          };



          So basically you define your sources; in this case the syslog-ng server is a central logger, so one of the sources is the syslog that it receives.

          Then you define the destinations you will send to, and the protocol (TCP recommended).


          Finally, you define a log statement, plugging in the sources and destination you defined earlier.


          For your receiver, you will need to configure a data source client for each system that is sending syslog to the syslog-ng server, and it will work by hostname, not by IP.

          Then you add syslog-ng to your Receiver as well, as a single data source.

          • 2. Re: Syslog-NG



            Thank you very much. Do you think that I need to set "chain_hostname(no)" too?

            • 3. Re: Syslog-NG

              I didn't need to, and in my own test it didn't change the output at all... so I do not know.
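The following is an added example, not code from the thread or from syslog-ng itself. It models what the relay config in reply 1 and the chain_hostname question in reply 2 are about: how the HOSTNAME field that the Receiver keys its data sources on is filled in depending on keep_hostname() and chain_hostnames(), and why that field deserves a check. The hostnames, IP address and log line are constructed; the exact chained format ("original/peer", or "peer/relay" when the original is not kept) is this example's assumption about syslog-ng's behaviour, not something the thread states.

```python
"""Added example, not from the original thread: model how a syslog-ng relay
fills the HOSTNAME field under keep_hostname() / chain_hostnames(), and how a
receiver that matches data sources by hostname then attributes each message.
All host names and log lines below are constructed for illustration."""
from __future__ import annotations

import re
from dataclasses import dataclass

# RFC 3164 (BSD syslog) line: <PRI>Mmm dd hh:mm:ss HOSTNAME TAG: MSG
RFC3164 = re.compile(
    r"^<(?P<pri>\d{1,3})>"
    r"(?P<ts>[A-Z][a-z]{2} [ \d]\d \d\d:\d\d:\d\d) "
    r"(?P<host>\S+) (?P<rest>.*)$"
)


@dataclass
class Message:
    pri: int
    timestamp: str
    host: str   # HOSTNAME field as written by the sender
    rest: str   # TAG and MSG, left untouched by the relay


def parse_rfc3164(line: str) -> Message:
    m = RFC3164.match(line)
    if not m:
        raise ValueError(f"not an RFC 3164 line: {line!r}")
    return Message(int(m["pri"]), m["ts"], m["host"], m["rest"])


def relay(line: str, peer: str, keep_hostname: bool = True,
          chain_hostnames: bool = False, relay_name: str = "syslog-ng") -> str:
    """Return the line as the relay forwards it to the Receiver.

    peer is the name (or the bare IP, when the relay cannot resolve it) of the
    socket the line arrived on.  keep_hostname(yes) keeps the sender's own
    HOSTNAME field; keep_hostname(no) overwrites it with peer.  The chained
    form is this example's assumption: kept hostname plus "/peer", or peer
    plus "/relay_name" when the original hostname is not kept.
    """
    msg = parse_rfc3164(line)
    if keep_hostname:
        host = f"{msg.host}/{peer}" if chain_hostnames else msg.host
    else:
        host = f"{peer}/{relay_name}" if chain_hostnames else peer
    return f"<{msg.pri}>{msg.timestamp} {host} {msg.rest}"


def attribute(forwarded_line: str, data_sources: set[str]) -> str:
    """Receiver side: pick the data source client by HOSTNAME, not by the
    relay's IP, as the thread describes.  Unknown hosts go to 'unmatched'."""
    host = parse_rfc3164(forwarded_line).host
    return host if host in data_sources else "unmatched"


def hostname_mismatch(line: str, peer: str) -> bool:
    """Relay-side check worth alerting on: with keep_hostname(yes) the
    HOSTNAME field is sender-controlled, so a line whose HOSTNAME does not
    match the resolved peer may come from a spoofing or misconfigured client."""
    return parse_rfc3164(line).host != peer


# Constructed sample line from a client that calls itself db01.
SAMPLE = "<34>Oct 11 22:14:15 db01 sshd[1234]: Accepted publickey for root"
DATA_SOURCES = {"db01", "web01"}   # data source clients defined on the Receiver


def demo() -> dict:
    return {
        # Honest client, DNS works: both settings attribute to db01.
        "keep_yes": attribute(relay(SAMPLE, peer="db01"), DATA_SOURCES),
        "keep_no": attribute(relay(SAMPLE, peer="db01", keep_hostname=False), DATA_SOURCES),
        # Relay cannot resolve the peer: keep_hostname(no) forwards the IP,
        # which matches no hostname-keyed data source on the Receiver.
        "keep_no_unresolved": attribute(
            relay(SAMPLE, peer="10.0.0.5", keep_hostname=False), DATA_SOURCES),
        # web01 sends a line claiming to be db01: keep_hostname(yes) lands it
        # in db01's data source, but the relay-side check flags it.
        "spoofed": attribute(relay(SAMPLE, peer="web01"), DATA_SOURCES),
        "spoof_flagged": hostname_mismatch(SAMPLE, peer="web01"),
        # Chaining keeps the path visible but changes the key the Receiver sees.
        "chained": parse_rfc3164(
            relay(SAMPLE, peer="10.0.0.5", chain_hostnames=True)).host,
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key:20} {value}")
```

Run it directly to see the six cases side by side. The point for the Receiver setup in the thread: keep_hostname(yes) is what makes per-host data sources work, but it also means the attribution key is whatever the client wrote, so comparing it with the resolved peer on the relay (or logging the source IP alongside) is the check that keeps a spoofed line from landing in another host's data source unnoticed.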