Logger 6.1: receive logs in CEF format from CentOS
We have ArcSight Logger 6.1 installed. We want to send CentOS syslogs to the Logger and see them on the ArcSight console in CEF format. At present we have configured the CentOS rsyslog daemon to send logs to the ArcSight Logger at UDP port 5924 (configured UDP receiver). The logs are coming but are in RAW format.
We want to receive the logs in CEF format. How can we do that? I tried to search for it and think that I need to install a collector on the Logger server that will convert the logs to CEF. Is that correct? If so, how do I do that?