Syslog Connector question - Two part question

This is a two part question:

Part 1 -

I need to send syslog output from Splunk's syslog, version 3164 (BSD syslog), to the ArcSight syslog connector, so I need to find out which RFC syslog format the ArcSight syslog connector uses and whether there will be any compatibility issues with that.

If the ArcSight connector uses the 5424 syslog format, does it accept the 3164 BSD syslog format from another device? Is there backwards compatibility or not? Thanks.

-----------------------------------------------------------

Part 2 -

If this is a viable solution, then I would like to know what would be the correct choice in this case:

What is better for the ArcSight syslog connector in this scenario: a syslog pipe or a syslog file?

Does it matter which one you use? Any help would be really appreciated. Thanks.
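Whether a receiver copes with both formats comes down to how it parses the message header: an RFC 5424 line carries a version digit and an ISO 8601 timestamp after the PRI field, while a BSD (RFC 3164) line goes straight to a "Mmm dd hh:mm:ss" timestamp and may even omit PRI. The script below is an added example, not ArcSight or Splunk code; it auto-detects the two formats on constructed sample lines (modelled on the RFCs' own example messages) and extracts facility, severity, host and tag from each, applying the default priority 13 (user.notice) that RFC 3164 tells a relay to assume when PRI is missing.

```python
"""Detect and parse RFC 3164 (BSD) and RFC 5424 syslog lines.

Added example for the question above; it is not ArcSight or Splunk code, and
the sample lines are constructed for illustration.
"""
import re

# RFC 3164: [<PRI>]TIMESTAMP HOSTNAME [TAG[PID]:] MSG, timestamp "Mmm dd hh:mm:ss".
# PRI and TAG are optional here because many BSD-style senders omit them.
RFC3164_RE = re.compile(
    r"^(?:<(?P<pri>\d{1,3})>)?"
    r"(?P<timestamp>[A-Z][a-z]{2} [ \d]\d \d{2}:\d{2}:\d{2}) "
    r"(?P<host>\S+) "
    r"(?:(?P<tag>[^:\[ ]+)(?:\[(?P<pid>\d+)\])?: ?)?"
    r"(?P<msg>.*)$"
)

# RFC 5424: <PRI>VERSION TIMESTAMP HOSTNAME APP-NAME PROCID MSGID SD [MSG].
# SD is "-" or one or more [id param="value" ...] elements; an escaped "]"
# inside a parameter value is not handled by this simplified pattern.
RFC5424_RE = re.compile(
    r"^<(?P<pri>\d{1,3})>(?P<version>\d{1,2}) "
    r"(?P<timestamp>\S+) (?P<host>\S+) (?P<app>\S+) (?P<procid>\S+) (?P<msgid>\S+) "
    r"(?P<sd>-|(?:\[[^\]]*\])+)"
    r"(?: (?P<msg>.*))?$"
)

DEFAULT_PRI = 13  # user.notice: what RFC 3164 tells a relay to assume when PRI is absent


def parse_syslog(line):
    """Return a dict describing one line; 'format' is rfc5424, rfc3164 or unknown."""
    m = RFC5424_RE.match(line)
    if m and m.group("version") == "1":
        fmt = "rfc5424"
    else:
        m = RFC3164_RE.match(line)
        fmt = "rfc3164" if m else "unknown"
    if fmt == "unknown":
        return {"format": fmt, "raw": line}

    pri = int(m.group("pri")) if m.group("pri") is not None else DEFAULT_PRI
    if pri > 191:  # facility 23, severity 7 is the largest legal PRI
        return {"format": "unknown", "raw": line, "reason": "PRI out of range"}

    record = {
        "format": fmt,
        "facility": pri >> 3,   # PRI = facility * 8 + severity
        "severity": pri & 7,
        "timestamp": m.group("timestamp"),
        "host": m.group("host"),
        "msg": m.group("msg") or "",
    }
    if fmt == "rfc3164":
        record["tag"] = m.group("tag")
        record["pid"] = m.group("pid")
    else:
        record["app"] = m.group("app")
        record["msgid"] = m.group("msgid")
        record["sd"] = m.group("sd")
    return record


def format_counts(lines):
    """Count how many lines of each format a receiver would have to handle."""
    counts = {}
    for line in lines:
        fmt = parse_syslog(line)["format"]
        counts[fmt] = counts.get(fmt, 0) + 1
    return counts


# Constructed sample input: a BSD line with PRI, an RFC 5424 line, and a BSD
# line that arrived without any PRI field.
SAMPLE_LINES = [
    "<34>Oct 11 22:14:15 mymachine su: 'su root' failed for lonvick on /dev/pts/8",
    "<165>1 2003-10-11T22:14:15.003Z mymachine.example.com evntslog - ID47 "
    '[exampleSDID@32473 iut="3"] An application event log entry',
    "Oct 11 22:14:15 mymachine su: session opened for user root",
]

if __name__ == "__main__":
    for line in SAMPLE_LINES:
        print(parse_syslog(line))
    print(format_counts(SAMPLE_LINES))
```

A receiver built this way accepts a mixed stream: the 5424 check runs first because its header is unambiguous, and anything that fails it falls through to the looser BSD pattern. Running the same detection over a sample of the actual Splunk output before wiring it into the connector shows immediately whether the lines will be recognised as 3164 or land in the "unknown" bucket.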

  • I just set up the Syslog daemon connector but I'm getting "Connector parameters did not pass the verification with error [0:Unable to bind to port to 514]".

    The options I set for the install are:

    Network Port: 514

    IP Address: (ALL)

    Protocol : Raw TCP or UDP

    forwarder: false

    Anything incorrect in the setup? Any ideas on why I'm getting that error? Thanks

    Also, I have the syslog daemon installed on the manager to listen on port 514. Is that causing a problem?

    Is it better to install the daemon on another device and then forward to the manager?

    Ok, forget all the above. I got the syslog daemon connector installed, so now I will be checking to see what kind of output we're getting from Splunk.
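
The bind error in the post above is almost always one of two things: another process, such as the syslog daemon already running on the manager, holds port 514, or the connector is not running with the privilege needed for a port below 1024. The check below is an added example and not ArcSight code: port_bind_status() attempts the bind and reports which case applies, and demonstrate_conflict() reproduces the "already in use" situation on a throwaway loopback port so the behaviour can be seen without touching 514.

```python
"""Report why a syslog listener cannot bind a port.

Added example for the troubleshooting post above; not ArcSight code.
"""
import errno
import socket


def port_bind_status(port, proto="udp", address="0.0.0.0"):
    """Try to bind address:port once and describe the outcome.

    Returns "bindable", "in_use", "permission_denied" or "error:<ERRNO>".
    The socket is closed again immediately, so the call never holds the port.
    """
    socktype = socket.SOCK_DGRAM if proto == "udp" else socket.SOCK_STREAM
    sock = socket.socket(socket.AF_INET, socktype)
    try:
        sock.bind((address, port))
        return "bindable"
    except PermissionError:
        # Ports below 1024 need root or CAP_NET_BIND_SERVICE on Linux.
        return "permission_denied"
    except OSError as exc:
        if exc.errno == errno.EADDRINUSE:
            # Another daemon (for example the manager's own syslog service) owns the port.
            return "in_use"
        return "error:" + errno.errorcode.get(exc.errno, str(exc.errno))
    finally:
        sock.close()


def check_syslog_ports(port=514):
    """Check the port for both transports the connector can be configured with."""
    return {proto: port_bind_status(port, proto) for proto in ("udp", "tcp")}


def demonstrate_conflict(proto="udp"):
    """Stand in for an already-running daemon on an ephemeral loopback port,
    then show what a second listener sees when it tries the same port."""
    socktype = socket.SOCK_DGRAM if proto == "udp" else socket.SOCK_STREAM
    holder = socket.socket(socket.AF_INET, socktype)
    try:
        holder.bind(("127.0.0.1", 0))      # port 0: let the OS pick a free port
        if socktype == socket.SOCK_STREAM:
            holder.listen(1)
        port = holder.getsockname()[1]
        return port_bind_status(port, proto, "127.0.0.1")
    finally:
        holder.close()


if __name__ == "__main__":
    for proto, status in check_syslog_ports().items():
        print(f"{proto}/514: {status}")
    print("simulated conflict (udp):", demonstrate_conflict("udp"))
```

If the result is "in_use", `ss -lntup` on Linux shows which process owns the port (the `-p` column needs root to resolve other users' processes), which settles whether to stop that daemon or leave it running and have it forward to the connector on a different port instead. "permission_denied" points at the account the connector service runs under rather than at the configuration shown in the post.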
