Security Onion/ArcSight Integration - syslog configuration


Eli Tunkel

May 8, 2017, 9:01:09 AM
to security-onion
Hi Guys,

I am looking to integrate Security Onion with ArcSight, and send all the logs to the ArcSight console via syslog.

I would appreciate it if someone has experience with that.

Thanks ahead,

Wes Lambert

May 8, 2017, 11:19:04 AM
to securit...@googlegroups.com



Eli Tunkel

May 9, 2017, 5:27:49 AM
to security-onion
Configure /etc/syslog-ng/syslog-ng.conf with a new destination to forward to your external syslog collector and then restart syslog-ng.


Hi,

I want to verify the required syslog syntax to be added to the conf file.
Thanks,

Wes Lambert

May 10, 2017, 12:37:36 PM
to securit...@googlegroups.com
Eli,

You can simply copy and modify the existing log / destination stanzas in /etc/syslog-ng/syslog-ng.conf.

Thanks,
Wes
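
A sketch of the kind of destination and log stanzas discussed in this thread, added here as an example; it is not taken from the posts or from Security Onion's shipped configuration. The collector address `192.0.2.10`, port `514`, the destination name `d_arcsight` and the source name `s_syslog` are assumptions: use a source that is already defined in your /etc/syslog-ng/syslog-ng.conf and the address and port your collector actually listens on.

```conf
# Added example (not from the thread). Names and addresses are placeholders.

# New destination: the external syslog collector.
# tcp() keeps a connection open and reconnects if it drops;
# udp() is fire-and-forget, so lost messages go unnoticed.
# Enable only the transport the collector is listening on.
destination d_arcsight {
    tcp("192.0.2.10" port(514));
    # udp("192.0.2.10" port(514));
};

# New log path: copy an existing log { ... } stanza and point it
# at the new destination. source() must name a source that is
# already declared earlier in this file (s_syslog is assumed here).
# Add one log stanza per source you want forwarded.
log {
    source(s_syslog);
    destination(d_arcsight);
};

# Validate the file before restarting the service:
#   sudo syslog-ng --syntax-only
#   sudo service syslog-ng restart
```

Traffic sent this way is unencrypted, so keep the path between the sensor and the collector on a trusted management network.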
