3 Replies Latest reply on Jul 14, 2014 10:43 AM by feeeds

    Forwarding Syslog to ESM

    mperrin

      I'm looking for a solution to send syslog events to ESM from a 3rd party solution.

      The logs are coming from another location and I don't want to put another receiver at that location.  I would like to have the logs encrypted as well.

      I looked into Splunk but I can't seem to find a way to get it to work.  Is anyone doing something like this?  If so, what are you using?

      Thanks

        • 1. Re: Forwarding Syslog to ESM
          feeeds

          If your source is Linux/Unix, it should have a built-in syslog server which can be configured to send over to Nitro. If not, I have used the Snare clients in the past and have had luck with them. Just Google "Snare for Windows" or "Snare for Linux".  It's been a while since I used Splunk, but from what I recall, it's only a receiver; you can't use it to grab syslog, you need an agent to send events into Splunk.
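One way to do what the reply above describes, added here as an example (not code from the thread, McAfee or Splunk): the remote Linux host's own rsyslog forwards over TLS to the central receiver, so no extra receiver is needed at that site. It assumes rsyslog 7+ with the gtls driver, placeholder host esm-receiver.example.com on port 6514, placeholder certificate paths, and that the central receiver accepts TLS-wrapped TCP syslog.

```rsyslog
# Added example, not from the original thread. Placeholders: the receiver
# name, port 6514, and the certificate paths under /etc/rsyslog.d/certs.

# Trust anchor plus this client's identity for the TLS session; the work
# directory holds the on-disk queue used while the WAN link is down.
global(
  WorkDirectory="/var/spool/rsyslog"
  DefaultNetstreamDriver="gtls"
  DefaultNetstreamDriverCAFile="/etc/rsyslog.d/certs/ca.pem"
  DefaultNetstreamDriverCertFile="/etc/rsyslog.d/certs/client-cert.pem"
  DefaultNetstreamDriverKeyFile="/etc/rsyslog.d/certs/client-key.pem"
)

# Weak form (left commented out): plain UDP, unencrypted and lossy.
# *.* @esm-receiver.example.com:514

# Hardened form: TCP + TLS, receiver certificate checked against its name,
# disk-assisted queue so events are spooled rather than dropped on outage.
action(
  type="omfwd"
  target="esm-receiver.example.com"
  port="6514"
  protocol="tcp"
  # mode 1 = TLS only; mode 0 would silently allow plaintext
  StreamDriver="gtls"
  StreamDriverMode="1"
  # verify the receiver's certificate chain and its subject name
  StreamDriverAuthMode="x509/name"
  StreamDriverPermittedPeers="esm-receiver.example.com"
  # in-memory queue that spills to disk, capped at 1 GB, kept on shutdown
  queue.type="LinkedList"
  queue.filename="esm_fwd"
  queue.maxDiskSpace="1g"
  queue.saveOnShutdown="on"
  # retry forever instead of discarding after a few failures
  action.resumeRetryCount="-1"
)
```

A quick check after reloading is to confirm the spool file appears under /var/spool/rsyslog while the receiver is unreachable and drains once it is back.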

          • 2. Re: Forwarding Syslog to ESM
            mperrin

            More so looking to grab syslog from routers, switches and firewalls.

            • 3. Re: Forwarding Syslog to ESM
              feeeds

              We do the same thing. Routers send flows, and switches send events over syslog. They should (at least Cisco does) have the ability to send over syslog built in. Firewalls depend on the vendor, but typically you have to grab those, and McAfee should have a listener for most firewall vendors, so you don't need to send those over syslog.