5 Replies Latest reply on Jun 6, 2016 3:04 PM by kdevmu

    Can LEM accept RSYSLOG?

    kdevmu

My firewall is sending logs to an rsyslog server which forwards the syslogs to LEM. The problem here is, in rsyslog we have enabled the OMUDPSPOOF module in order to change the source IP of the node, which actually wraps the syslog into 'lsyslog' format. So I just want to check whether, due to this, LEM is not able to detect the node or what? I can see the logs forwarded from the rsyslog server to LEM and the connector for the firewall is already enabled, but still I don't see it detecting this node.


      Please help.

        • Re: Can LEM accept RSYSLOG?
          curtisi

          The connector is going to be expecting a specific format, likely the original format of the firewall.  If rsyslog manipulates/changes the log lines, the connector isn't going to know what to do with that data any more.


          We have some intelligence for syslog servers modifying data built around Kiwi Syslog, so this may be something that could be sent up as a feature request.

          • Re: Can LEM accept RSYSLOG?
            HolyGuacamole

Can you have rsyslog log to a text file in an unmodified format? If so, you should be able to install the LEM Agent on the rsyslog server and enable a connector on the agent node to read the firewall log from this text file.
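As an added illustration of the workaround suggested in this reply (this is example configuration, not from the thread or from SolarWinds), the rsyslog RainerScript below keeps the existing omudpspoof forward to LEM and additionally writes the firewall's messages to a local text file using the `%rawmsg%` property, which emits each datagram exactly as received, so the LEM Agent's file connector sees the firewall's original line format rather than anything rsyslog rewrote. The firewall address (192.0.2.1), LEM address (203.0.113.10), port and file path are placeholders to be replaced with your own values.

```conf
# Added example config for rsyslog 7+/8 (RainerScript syntax).
# Not from the original thread; all addresses, ports and paths are placeholders.

module(load="imudp")            # receive syslog over UDP from the firewall
module(load="omudpspoof")       # existing forwarder that preserves the sender's source IP
input(type="imudp" port="514")

# Emit the message exactly as it arrived on the wire: %rawmsg% is the
# unparsed datagram, so no syslog header is reformatted by rsyslog.
template(name="FwRaw" type="string" string="%rawmsg%\n")

# Source address the spoofed forward should carry (the original sender).
template(name="FwSrcIp" type="string" string="%fromhost-ip%")

# Handle only the firewall's messages (placeholder address 192.0.2.1).
if $fromhost-ip == "192.0.2.1" then {
    # 1) Unmodified copy for the LEM Agent to read with a file-based connector.
    action(type="omfile" file="/var/log/firewall/raw.log" template="FwRaw")

    # 2) Existing forward to the LEM appliance (placeholder 203.0.113.10),
    #    unchanged apart from the explicit source-name template.
    action(type="omudpspoof" target="203.0.113.10" port="514"
           sourcename.template="FwSrcIp")
    stop
}
```

After reloading rsyslog, compare a few lines of `/var/log/firewall/raw.log` against what the firewall itself emits; if they match, the file is what the connector should be pointed at. Make sure the account the LEM Agent runs under can read the file and that it is rotated, since it duplicates the full firewall feed on disk.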