the script pull the logs to the local server but not send them to my siem collector #82
Comments
ithamar21
changed the title
|
You cannot write logs to a file AND send them to a syslog server, only one of them. This is set here https://github.com/sophos/Sophos-Central-SIEM-Integration/blob/master/config.ini#L24 You specify a filename to write to the file, or syslog to forward the events to the siem server. |
|
Hi so if i want only send syslog to my siem how i do this?
What i change to change in my script?
בתאריך יום ה׳, 1 בדצמ׳ 2022, 17:37, מאת tony ennis <
***@***.***>:
… You cannot write logs to a file AND send them to a syslog server, only one
of them.
This is set here
https://github.com/sophos/Sophos-Central-SIEM-Integration/blob/master/config.ini#L24
You specify a filename to write to the file, or syslog to forward the
events to the siem server.
—
Reply to this email directly, view it on GitHub
<#82 (comment)>,
or unsubscribe
<https://github.com/notifications/unsubscribe-auth/AOVP3VOVJRAIKOELHUKTWMTWLDA5BANCNFSM6AAAAAARIKUASE>
.
You are receiving this because you authored the thread.Message ID:
***@***.***>
|
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Hello
i try to get the logs from sophos to send them to my siem.
i set the remote ip in the syslog properties
port 514 udp
the facility is daemon
i set the filename were i want him to save the file.
i make a cron job run any 1 min.
the file is created and pull the logs.
but my problem is the script not forwarding the logs to my siem using syslog.
the linux server itself send to my siem system logs correctly but the sophos logs not showing.
i use ubuntu 22.04.
Thank you
The text was updated successfully, but these errors were encountered: