Hi All,
I need to configure a profile in Kiwi Syslog Server so that network device logs can be forwarded for analysis (SIEM). Kindly suggest how I can take this forward.
Launch the Kiwi Syslog Console from the icon or from the start menu
Choose File and then Setup
Right Click on Rules then Add Rules
Right Click on the New Rule and then Add Filter
Create a rule for the IP address(es) you want to forward by selecting the IP Address Field from the Pulldown Boxes. You can use multiple as long as they are separated by commas.
Make sure you enclose them with double quotes, then hit Apply. This will include the source IP(s) you want to forward.
Right Click Action then Add Action
Select Send Syslog Message from the Action pulldown
Put in the destination you would like to forward the Syslog to, your SIEM server...
You can create a rule to forward the messages to additional hosts.
Hi Bob,
Can you please share the steps for how to create the rule? I am very new to this, please.
Regards,
Raghu M
Thanks... the solution is working fine now.
But I need to forward logs only from network devices (routers, switches, WLC, etc.). How can I implement this?
Raghu
You should be able to do that (routers, switches, WLC, etc.) by using the 'Filters'. Look at the dropdown box and see if any of the other options will work in your environment.