SSIM receiving log that is not syslog format
Created: 11 Jan 2013 | 2 comments
I have a log that is not in syslog format but in text format (.txt), directed into SSIM UDP port 514 (on-box collector) & port 1078 (off-box collector).
1) What is the problem I need to look for?
One, it must be accepted by SSIM.
Secondly, a collector must be available if you want to take advantage of correlation.
A third problem you might face is special characters, or SSIM must understand when to break and generate a new event.
Also Syslog format?
Syslog is a daemon used to manage error, info, and emergency types of logs.
The syslog daemon is responsible for logs, but the log type is not created by syslog.
Syslog always writes events to a file located in /var/log/*
You may change it for your own purposes, or separate or merge logs, using /etc/syslog.conf
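The event-break and special-character points raised in the comments above, as an added example that is not part of the original thread: a plain-text log is turned into one BSD syslog (RFC 3164) message per line before being sent over UDP. It assumes the collector on the UDP port expects RFC 3164 framing, which the thread does not confirm; the host name `apphost`, tag `myapp` and the sample text are constructed.

```python
import re
import socket
from datetime import datetime

FACILITY_LOCAL0 = 16   # RFC 3164 facility "local use 0"
SEVERITY_INFO = 6      # RFC 3164 severity "informational"
MAX_LEN = 1024         # RFC 3164 limit on total message length
_MONTHS = ("Jan", "Feb", "Mar", "Apr", "May", "Jun",
           "Jul", "Aug", "Sep", "Oct", "Nov", "Dec")
_CTRL = re.compile(r"[\x00-\x1f\x7f]")  # control characters, including tab


def to_syslog_events(text, host, tag, when,
                     facility=FACILITY_LOCAL0, severity=SEVERITY_INFO):
    """Return one RFC 3164 message (bytes) per non-empty line of text."""
    pri = facility * 8 + severity
    # Timestamp is "Mmm dd hh:mm:ss" with the day space-padded to two columns.
    stamp = "%s %2d %s" % (_MONTHS[when.month - 1], when.day,
                           when.strftime("%H:%M:%S"))
    events = []
    for line in text.splitlines():           # event break = end of line
        line = _CTRL.sub(" ", line).strip()  # no stray control characters
        if not line:
            continue                         # blank lines are not events
        msg = "<%d>%s %s %s: %s" % (pri, stamp, host, tag, line)
        # Non-ASCII becomes "?", then the message is cut to the length limit.
        events.append(msg.encode("ascii", "replace")[:MAX_LEN])
    return events


def send_events(events, addr):
    """Send each event in its own UDP datagram to addr = (host, port)."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        for event in events:
            sock.sendto(event, addr)


# Constructed sample input: CRLF line ends, a blank line, a tab, a non-ASCII char.
SAMPLE = "login failed user=bob\r\n\r\nconn\tfrom 10.0.0.5 caf\u00e9\n"

if __name__ == "__main__":
    for ev in to_syslog_events(SAMPLE, "apphost", "myapp", datetime.now()):
        print(ev.decode("ascii"))
```

Sending one datagram per event means the receiver never has to guess where an event ends inside a packet.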