rsyslog with SSIM

Created: 11 Oct 2012

Hello,

I have a question: does rsyslog work fine with SSIM?

I configured my rsyslog to send logs to the SSIM Server, but the messages are categorized as Generic Syslog Collector and not as UNIX (R) OS Event Collector.

I made the same configuration using syslog and it works.

What could be wrong?

Thanks in advance

Comments

Avkash K (Partner), 11 Oct 2012

Yes, rsyslog works fine with SSIM.

By default, you need to check whether you have configured your UNIX Event Collector to receive the logs.

If the logs are not parsed by the UNIX collector, they will be parsed by the Generic Syslog Collector.

Regards,

Avkash K

11 Oct 2012

OK Avkash K,

I configured the UNIX Event Collector, but the messages are parsed only by the Generic Syslog Collector.

Thanks!
Laurent_c (Symantec Employee, Accredited), 11 Oct 2012

It is a signature issue with the redirector.

Could you post a sample event that goes to the Generic Syslog Collector rather than the Unix collector?

11 Oct 2012

Hi,

So, I removed all configurations and did a new installation of the Linux Agent and Unix Syslog, but nothing changed.

Right now, nothing is logged in my SSIM Server.

I tested by trying to log on with a wrong password; the logs are sent, but nothing shows up in my queries:

14:08:22.850739 IP 192.168.X.Y.38433 > 172.16.A.B.10525: UDP, length 148
14:08:24.755148 IP 192.168.X.Y.38433 > 172.16.A.B.10525: UDP, length 95
14:08:30.008516 IP 192.168.X.Y.38433 > 172.16.A.B.10525: UDP, length 97
14:08:30.021954 IP 192.168.X.Y.38433 > 172.16.A.B.10525: UDP, length 99

My Client = 192.168.X.Y
My Server = 172.16.A.B
PS: There is normal communication between the servers.

I configured my rsyslog.conf on UDP port 514 and 10525 to test.

My Linux client kernel = 2.6.32-131.2.1.el6.x86_64

Thanks!
Laurent_c (Symantec Employee, Accredited), 11 Oct 2012

Could you enable the Generic Syslog Event Collector and enable raw event logging?

Then could you post a sample of these raw events? (You have a field called raw_event.)

This is certainly a signature configuration issue if they reach the Generic Syslog Collector.
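Added example (not part of the thread and not Symantec SSIM code): a small Python script that models the dispatch Avkash K describes above (specific collectors are tried first, anything unclaimed lands in the Generic Syslog Collector) together with the signature mismatch Laurent_c points to, so you know what to compare in the raw_event field once raw event logging is on. The two collector signatures and the sample events are constructed for the example; SSIM's real redirector rules are not on this page, and whether the UNIX collector is sensitive to the exact differences shown here (rsyslog's high-precision RSYSLOG_ForwardFormat timestamp instead of the BSD one, an FQDN instead of a short hostname, an unknown program tag) is an assumption you must verify against your own raw events.

```python
"""Which collector would take a raw syslog event, and why?

Added illustration for the fallback and signature-mismatch discussion in this
thread; it is NOT Symantec SSIM code. The collector "signatures" below are
constructed for the example and only stand in for the redirector's real
matching rules, which the thread does not show.
"""
import re
from typing import List, Optional

# Assumed set of program tags a UNIX OS collector would recognise.
UNIX_PROGRAMS = ("sshd", "su", "sudo", "login", "cron", "crond")

# Constructed UNIX signature: deliberately strict (BSD timestamp, short
# hostname, known program tag), which is the kind of assumption a collector
# signature makes and an agent's output format can silently break.
UNIX_PATTERN = (
    r"^<\d{1,3}>"                                  # syslog PRI
    r"[A-Z][a-z]{2} [ \d]\d \d\d:\d\d:\d\d "       # BSD timestamp 'Mmm dd hh:mm:ss'
    r"[A-Za-z0-9_-]+ "                             # short hostname, no dots
    r"(?:" + "|".join(UNIX_PROGRAMS) + r")(?:\[\d+\])?: "
)

# Tried in order: specific collectors first, the catch-all last.
COLLECTOR_SIGNATURES = [
    ("UNIX (R) OS Event Collector", re.compile(UNIX_PATTERN)),
    ("Generic Syslog Collector", re.compile(r"^<\d{1,3}>")),
]

PRI_RE = re.compile(r"^<\d{1,3}>(.*)$", re.S)
BSD_TS_RE = re.compile(r"^[A-Z][a-z]{2} [ \d]\d \d\d:\d\d:\d\d ")
RFC3339_TS_RE = re.compile(
    r"^\d{4}-\d\d-\d\dT\d\d:\d\d:\d\d(?:\.\d+)?(?:Z|[+-]\d\d:\d\d) ")


def dispatch(raw: str) -> Optional[str]:
    """Name of the first collector whose signature claims the event, or None
    when the line does not even look like syslog (no <PRI> prefix)."""
    for name, signature in COLLECTOR_SIGNATURES:
        if signature.match(raw):
            return name
    return None


def explain_unix_mismatch(raw: str) -> List[str]:
    """Reasons the UNIX signature rejected an event; empty list if it matched.
    Run this over raw_event lines that ended up in the generic collector."""
    if dispatch(raw) == COLLECTOR_SIGNATURES[0][0]:
        return []
    m = PRI_RE.match(raw)
    if not m:
        return ["no <PRI> prefix: not a syslog datagram at all"]
    rest = m.group(1)
    reasons = []
    if RFC3339_TS_RE.match(rest):
        reasons.append("RFC 3339 high-precision timestamp (what rsyslog's "
                       "RSYSLOG_ForwardFormat emits) instead of BSD 'Mmm dd hh:mm:ss'")
        rest = RFC3339_TS_RE.sub("", rest, count=1)
    elif BSD_TS_RE.match(rest):
        rest = BSD_TS_RE.sub("", rest, count=1)
    else:
        return ["unrecognised timestamp format"]
    host, _, rest = rest.partition(" ")
    if "." in host:
        reasons.append("hostname '%s' is an FQDN; the signature expects a short name" % host)
    program = re.sub(r"\[\d+\]$", "", rest.split(":", 1)[0])
    if program not in UNIX_PROGRAMS:
        reasons.append("program tag '%s' is not one the UNIX signature knows" % program)
    return reasons or ["no known failure pattern; compare byte-for-byte against the signature"]


# Constructed sample events (the failed-password test from the thread, in
# several wire formats an agent might actually emit).
SAMPLE_EVENTS = [
    # 1. classic BSD format: what the UNIX collector expects
    "<38>Oct 11 14:08:22 client1 sshd[4242]: Failed password for invalid user admin from 10.0.0.5 port 51122 ssh2",
    # 2. the same event sent with rsyslog's high-precision forwarding template
    "<38>2012-10-11T14:08:22.850739-03:00 client1 sshd[4242]: Failed password for invalid user admin from 10.0.0.5 port 51122 ssh2",
    # 3. the same event, but the agent put the FQDN in the HOSTNAME field
    "<38>Oct 11 14:08:24 client1.example.com sshd[4242]: Failed password for invalid user admin from 10.0.0.5 port 51122 ssh2",
    # 4. a program the UNIX signature does not cover at all
    "<30>Oct 11 14:08:30 client1 myapp[999]: started",
]

if __name__ == "__main__":
    for raw in SAMPLE_EVENTS:
        print(dispatch(raw) or "(not syslog)", "<-", raw[:60])
        for reason in explain_unix_mismatch(raw):
            print("    -", reason)
```

Paste real raw_event lines into SAMPLE_EVENTS and the reasons list narrows the byte-level comparison with the signature. On the rsyslog side the forwarding template is chosen per action, so if the timestamp turns out to be the culprit you can force the low-precision BSD form explicitly, e.g. `*.* @172.16.A.B:10525;RSYSLOG_TraditionalForwardFormat` (legacy syntax), and then re-check the raw events.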