Note: Take note of the default port numbers used for the different protocols.
*.*<space/tab>@@<eventloganalyzer_server_name>:<port_no> at the end of the configuration file, where <eventloganalyzer_server_name> is the name of the machine on which EventLog Analyzer is running. Save the configuration and exit the editor.
For TLS based log collection:
$DefaultNetstreamDriverCAFile <CACertificate>
$ActionSendStreamDriver gtls
$ActionSendStreamDriverMode 1
$ActionSendStreamDriverAuthMode x509/name
$ActionSendStreamDriverPermittedPeer <commonname>
*.*<space/tab>@@<eventloganalyzer_server_name>:<port_no>
Here <CACertificate> is the path to the CA certificate that signed the EventLog Analyzer server certificate, and <commonname> is the name in that server certificate; with AuthMode x509/name, rsyslog refuses to send unless the peer presents a certificate chaining to that CA and carrying that name.
Save the configuration and exit the editor.
Restart the syslog service on the device using the command:
/etc/rc.d/init.d/syslog restart
Note: To configure the syslog-ng daemon on a Linux device, append the following entries at the end of /etc/syslog-ng/syslog-ng.conf.
For UDP based log collection:
*.*<space/tab>@<eventloganalyzer_server_name>:<port_no> at the end of the configuration file, where <eventloganalyzer_server_name> is the DNS name or IP address of the machine on which EventLog Analyzer is running. Save the configuration and exit the editor.
For TCP based log collection:
*.*<space/tab>@@<eventloganalyzer_server_name>:<port_no> at the end of the configuration file, where <eventloganalyzer_server_name> is the DNS name or IP address of the machine on which EventLog Analyzer is running. Save the configuration and exit the editor.
Note: Ensure that the EventLog Analyzer server you specify is reachable from the syslog device on the chosen port.
For TLS based log collection:
# TLS-wrapped TCP destination; ca_dir() expects a directory holding the CA certificate(s)
destination d_eventloganalyzer {
    tcp("<hostname>" port(<port>)
        tls(ca_dir("<CACertificate>"))
    );
};
# route everything from the existing source "src" to that destination
# (the destination name must match the one declared above)
log { source(src); destination(d_eventloganalyzer); };
Note: The above configuration only enables forwarding of the machine's syslog messages to the EventLog Analyzer server.
Forwarding audit logs to the EventLog Analyzer Server
The following configuration has to be added on the Linux device in rsyslog.conf (or syslog.conf):
# load rsyslog's text-file input module; required for the $InputFile* directives below
$ModLoad imfile
$InputFileName <Monitored_File_Absolute_Path>
$InputFileStateFile <State_Filename>
$InputFileSeverity <Severity>
$InputFileFacility <Facility>
# starts monitoring the file described by the directives above it
$InputRunFileMonitor
Example:
$ModLoad imfile
$InputFileName /var/log/sample.log
$InputFileStateFile sample
$InputFileSeverity info
$InputFileFacility local6
$InputRunFileMonitor
# lines read from the file are tagged local6.info, so this selector forwards them over UDP to port 514
local6.info @eventloganalyzer-Server:514
Here /var/log/sample.log is the external file to be forwarded.
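To confirm that a device's forwarding actually reaches the collector, and that it arrives with the facility and severity the local6.info selector implies, a small UDP listener can stand in for EventLog Analyzer on a scratch port while you test. This is an added example, not part of the ManageEngine documentation or product; the listener, the scratch port 5514 and the decoding helpers are assumptions for a local check.

```python
import socket
from typing import Optional, Tuple

# Facility and severity names in RFC 3164 order, so the list index is the numeric code.
FACILITIES = ["kern", "user", "mail", "daemon", "auth", "syslog", "lpr", "news",
              "uucp", "cron", "authpriv", "ftp", "ntp", "audit", "alert", "clock",
              "local0", "local1", "local2", "local3", "local4", "local5", "local6", "local7"]
SEVERITIES = ["emerg", "alert", "crit", "err", "warning", "notice", "info", "debug"]


def pri_for(facility: str, severity: str) -> int:
    """PRI value rsyslog stamps on a message matching a 'facility.severity' selector."""
    return FACILITIES.index(facility) * 8 + SEVERITIES.index(severity)


def parse_pri(message: str) -> Optional[Tuple[str, str, str]]:
    """Decode the leading '<PRI>' of a syslog line into (facility, severity, rest).

    Returns None when the line carries no well-formed PRI (1-3 digits, at most 191).
    """
    if not message.startswith("<"):
        return None
    end = message.find(">", 1, 5)          # PRI is at most three digits
    if end == -1 or not message[1:end].isdigit():
        return None
    pri = int(message[1:end])
    if pri > 191:
        return None
    return FACILITIES[pri // 8], SEVERITIES[pri % 8], message[end + 1:]


def receive_one(bind_host: str = "0.0.0.0", port: int = 514, timeout: float = 30.0):
    """Wait for one UDP syslog datagram; return (sender_ip, decoded) or None on timeout."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        sock.bind((bind_host, port))
        sock.settimeout(timeout)
        try:
            data, peer = sock.recvfrom(65535)
        except socket.timeout:
            return None
    return peer[0], parse_pri(data.decode("utf-8", errors="replace"))


if __name__ == "__main__":
    # Binding port 514 needs root; 5514 is an assumed scratch port to point the selector at.
    print("expected PRI for local6.info:", pri_for("local6", "info"))  # 182
    print(receive_one(port=5514))
```

If the decoded tuple shows a different facility or severity than expected, the $InputFileFacility/$InputFileSeverity values and the selector line do not agree; if nothing arrives before the timeout, check the device's restart, the port, and the path between device and collector.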