2 Replies Latest reply on Aug 17, 2011 5:43 PM by Shri

    SolarWinds SYSLOG and Tripwire

    Shri

      Background:


      We are using SolarWinds as the monitoring and alerting tool. However, Tripwire has been the preferred security tool. Note that this was decided long before Orion acquired the security tool add-on.

      SolarWinds SNMP polls all managed devices in  and receives traps and syslog data. SolarWinds has a syslog server.


      Can the SolarWinds syslog server forward all 'syslog data' unfiltered to Tripwire? In other words, can the trapped raw data be sent to Tripwire?

      We are avoiding having a Tripwire syslog server.


      Can I have some advice on this, please?

        • Re: SolarWinds SYSLOG and Tripwire
          byrona

          You should be able to forward on the Syslogs from SolarWinds to another system and tell it to "Retain the original source address of the message"; by doing this I think you will essentially be accomplishing your "unfiltered" goal.

          To do this, all you need to do is go set up a syslog alert for all logs and, for the Alert Action, choose Forward the Syslog Message, where you will have a check box to retain the original source address of the message.

          Hope this helps!
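
A receiver-side check for the forwarding setup described in the reply above, as an added example that is not part of the original thread or of either product: given datagrams captured at the receiving system, it reports whether they still carry the original device addresses rather than the relay's, and which severities arrived per device, so a filter on the forwarding rule shows up. The function names, the relay address and the sample datagrams (documentation-range IPs) are constructed assumptions.

```python
import re
from collections import defaultdict

PRI_RE = re.compile(rb"^<(\d{1,3})>")
SEVERITIES = ["emerg", "alert", "crit", "err", "warning", "notice", "info", "debug"]

def decode_pri(payload):
    """Return (facility, severity) from the leading <PRI> field, or None if malformed."""
    m = PRI_RE.match(payload)
    if not m or int(m.group(1)) > 191:      # highest valid PRI is 23*8 + 7
        return None
    pri = int(m.group(1))
    return pri >> 3, pri & 7

def audit_forwarding(datagrams, relay_ip, expected_sources):
    """datagrams: iterable of (udp_source_ip, payload_bytes) captured at the receiver."""
    seen = defaultdict(set)                 # source IP -> severities observed
    malformed = 0
    for src, payload in datagrams:
        decoded = decode_pri(payload)
        if decoded is None:
            malformed += 1
            continue
        seen[src].add(SEVERITIES[decoded[1]])
    return {
        # Heuristic: any datagram arriving from the relay's own address means
        # the original source was not retained for it (assumes the relay does
        # not also send its own logs to this receiver).
        "source_retained": bool(seen) and relay_ip not in seen,
        "missing_sources": sorted(set(expected_sources) - set(seen)),
        "severities_by_source": {ip: sorted(s) for ip, s in seen.items()},
        "malformed": malformed,
    }

# Constructed sample capture: two devices forwarded through a relay at 192.0.2.5.
SAMPLE_RETAINED = [
    ("192.0.2.10", b"<134>Aug 17 17:40:01 sw01 link up on port 3"),
    ("192.0.2.10", b"<131>Aug 17 17:40:09 sw01 fan failure"),
    ("192.0.2.11", b"<14>Aug 17 17:41:12 fw01 session opened"),
    ("192.0.2.11", b"no priority header here"),
]
# Same messages as they would arrive if the relay's address replaced the original.
SAMPLE_REWRITTEN = [("192.0.2.5", p) for _, p in SAMPLE_RETAINED]
EXPECTED = ["192.0.2.10", "192.0.2.11", "192.0.2.12"]

if __name__ == "__main__":
    print(audit_forwarding(SAMPLE_RETAINED, "192.0.2.5", EXPECTED))
    print(audit_forwarding(SAMPLE_REWRITTEN, "192.0.2.5", EXPECTED))
```

A device listed in `missing_sources`, or one that only ever shows high-priority severities, is a cue to compare against what the relay itself received before treating the feed as unfiltered.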