Hi all,
Just wondering whether anyone out there has managed to configure Log Forwarding on the LEM Console?
I am trying to see if the LEM can forward logs to Kiwi.
Would appreciate any help on this.
Have you looked at the admin guide for this task?
Enable log forwarding - SolarWinds Worldwide, LLC. Help and Support
Hi curtisi,
Yes, I have gone through the admin guide prior to seeking help here.
I have configured both the nDepth and Log Forwarding on LEM as well as Kiwi.
However, I still do not see any logs from the LEM on Kiwi Syslog.
Not sure if I missed anything else, but on the LEM Log Forwarding page under Severity, which option do I choose?
Appreciate the help!
Can you try listening on port 514?
Hi Curtis,
Somehow it worked after reinstalling Kiwi Syslog... not sure why... but thanks for your help.
May I ask about point 5, "The Severity level is applied to all forwarded logs": does this mean all logs forwarded to Kiwi or whichever SIEM will show only the severity level that is set on this LEM (e.g. Informational)?
Can the LEM not just forward the original severity?
Correct - it is not possible to preserve the original severity. When logs are forwarded they will include the severity specified in the log forwarding settings in LEM. I'll raise a Feature Request for the ability to preserve the severity.
Any chance for a workaround for this?