Does anyone know if there is a way to configure how syslogs are received in NPM?
I am doing log forwarding from my SIEM, but it will not take the syslog from the SIEM.
The SIEM is sending <PRIORITY> TIMESTAMP HOSTNAME MESSAGE, but NPM just puts the HOSTNAME in as part of the message; it does not accept it as the HOSTNAME or IP address field.
How can I correct that?
RFC-3164 states that this is how messages should be forwarded.
Thanks for any insight.
We certainly should be parsing data from that message, and many customers have configured syslog to take data from a forwarder (transparent or not) or to act as a forwarder. Perhaps a support ticket may be the quickest route to resolution here.
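One way to check what the forwarder is actually putting on the wire before opening a ticket, as an added example that is not part of either post and not NPM's own parser: it tests a captured line against the RFC 3164 header layout, where the `<PRI>` is followed directly by a `Mmm dd hh:mm:ss` timestamp, then the hostname. The function name `parse_rfc3164` and the sample lines are constructed for illustration.

```python
import re

# RFC 3164 header: <PRI>Mmm dd hh:mm:ss HOSTNAME MSG
# PRI is 1-3 digits (0-191), there is no space between '>' and the
# timestamp, and single-digit days are space-padded ("Oct  9").
MONTHS = "Jan|Feb|Mar|Apr|May|Jun|Jul|Aug|Sep|Oct|Nov|Dec"
HEADER = re.compile(
    r"^<(?P<pri>\d{1,3})>"
    r"(?P<ts>(?:" + MONTHS + r") (?: [1-9]|[12]\d|3[01]) \d{2}:\d{2}:\d{2}) "
    r"(?P<host>\S+) "
    r"(?P<msg>.*)$"
)

def parse_rfc3164(line):
    """Return the header fields, or {'error': reason, 'msg': line}."""
    m = HEADER.match(line)
    if not m:
        pri = re.match(r"^<(\d{1,3})>", line)
        if not pri:
            reason = "missing or malformed <PRI>"
        elif line[pri.end():pri.end() + 1] == " ":
            reason = "space between <PRI> and TIMESTAMP"
        else:
            reason = "TIMESTAMP is not 'Mmm dd hh:mm:ss'"
        # With no valid header, the whole line can only be treated as message.
        return {"error": reason, "msg": line}
    pri = int(m.group("pri"))
    if pri > 191:
        return {"error": "PRI out of range (0-191)", "msg": line}
    return {
        "facility": pri >> 3,   # PRI = facility * 8 + severity
        "severity": pri & 7,
        "timestamp": m.group("ts"),
        "hostname": m.group("host"),
        "msg": m.group("msg"),
    }

# Constructed sample lines (not taken from any real capture).
SAMPLES = [
    "<134>Oct  9 08:03:07 siem-fwd01 sshd[812]: Accepted publickey for svc",
    "<134> Oct  9 08:03:07 siem-fwd01 sshd[812]: Accepted publickey for svc",
    "<134>2024-10-09T08:03:07Z siem-fwd01 sshd[812]: Accepted publickey for svc",
]

if __name__ == "__main__":
    for s in SAMPLES:
        print(parse_rfc3164(s))
```

Feed it lines taken from a packet capture on the receiving host rather than from the SIEM's own preview, so the check reflects what was actually sent.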