1 Reply Latest reply on Oct 11, 2016 9:56 PM by yd9038

    How to collect Syslog and Netflow from the same device?

    bstephens@stalwartsystems.com

      Hello,

       

      We have several routers that we would like to collect logs and flows from; however, I am running into a problem setting that up. I can't create 2 data sources that are the same name/IP. Is there a way to configure this?

      Thanks,

      Brandon

        • 1. Re: How to collect Syslog and Netflow from the same device?
          yd9038

          Brandon,

          You can try this:

          1. Have a DNS record created for the router/switch.
          2. Add it to SIEM as a datasource with the IP address.
          3. Add it again, but this time w/o the IP address. If it doesn't accept the Name, you can change it to whatever you want to. This time you will specify the Host Name, which is going to be its FQDN.

           

          It's in general a good idea to use FQDN instead of IP address; a datasource will still be collecting/receiving logs even if the IP address of the host changes, as long as its FQDN remains the same.

           

          I hope this helps.