1 Reply Latest reply on Sep 18, 2015 8:21 AM by rhinomike

    Receiving ASP via syslog-ng relay


      Hi there,


      Is anyone using syslog-ng relayed data sources?


      I am looking to integrate SIEM with some big data log sources but could not find any clear definition about what the raw syslog-ng relayed data sources look like.


      I am aware that the SIEM works with both Splunk and syslog-ng servers as relays, but given that the platforms I'm using aren't supported relays, I will more likely have to template my data streams to match the format expected by McAfee.


      Anyone able to help?



        • 1. Re: Receiving ASP via syslog-ng relay

          I forgot to check the Online Help before asking...


          Details can be found on Help:


          Home > Configuring the ESM > Configuring devices > Event Receiver settings > Receiver data sources > Syslog relay support


          One day I will get used to the idea that the majority (if not all) of this product's help cannot be found using Google searches... LMGTFY :-)