manojs Super Contributor.

Sending logs to Logger

Hi,

Which method is best among “SmartMessage” and “CEF Syslog” for configuring SmartConnectors to send logs to Logger? Any recommendations?


Regards

Manoj S.



pbrettle Acclaimed Contributor.

Re: Sending logs to Logger

The recommendation would always be to use SmartMessage. It now uses certificate-based exchange of details and encrypts the channel used, so you have a level of authentication as well as privacy and non-repudiation on the data. Sending CEF Syslog is simply Syslog data formatted in CEF (Common Event Format). This is unencrypted and also non-authenticated; while easy, it doesn't provide any level of security in place.

SmartMessage is the recommendation.

seniorj@bennett Absent Member.

Re: Sending logs to Logger

Just register a connector to <fqdn-of-logger>:443 with the receiver name exactly "SmartMessage Receiver" - no further configuration on Logger is necessary.

manojs Super Contributor.

Re: Sending logs to Logger

Thanks Paul, but would this method (SmartMessage) support failover?

I need to set up a failover destination, and as per my understanding failover works with Raw TCP.

Manoj S.
pbrettle Acclaimed Contributor.

Re: Sending logs to Logger

Failover works for any destination, but it has to be the same method. So you can have SmartMessage and define a failover destination - that's fine.

However, are you sure you want to do this? Failover is exactly what you think - send to the primary, but should that be unavailable (can't connect for example), then open up the failover destination and send the logs to it. If you have two Loggers, for example, you run the risk of getting some events on one Logger and some on the other! Not great.


I always recommend dual feed to two destinations - that way you can have a full copy across two Loggers and the cache is active on both destinations - so you don't lose anything. Failover is just that though, it won't flush the events to the failed destination.

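A simplified model of the two behaviours described in the answer above, added here as an example that is not part of the original thread and is not ArcSight code. The function names, event numbering and outage window are constructed assumptions; it shows which events each Logger ends up holding after a short outage.

```python
# Simplified model (assumption): events are numbered 1..N and a destination is
# either reachable or not at the moment each event is sent.

def failover(events, primary_up):
    """Primary gets the event if reachable, otherwise the failover does.
    Nothing is replayed to the primary after it comes back."""
    primary, secondary = [], []
    for ev in events:
        (primary if primary_up(ev) else secondary).append(ev)
    return {"primary": primary, "failover": secondary}

def dual_feed(events, up):
    """Every event goes to every destination. Each destination has its own
    cache that holds events while it is down and flushes on reconnect."""
    received = {name: [] for name in up}
    cache = {name: [] for name in up}
    for ev in events:
        for name, is_up in up.items():
            cache[name].append(ev)
            if is_up(ev):
                received[name].extend(cache[name])
                cache[name].clear()
    return received

def missing(received, events):
    """Per destination, the event ids that never arrived."""
    return {name: sorted(set(events) - set(got)) for name, got in received.items()}

# Constructed scenario: ten events, first Logger unreachable for events 4-6.
EVENTS = list(range(1, 11))
OUTAGE = {4, 5, 6}

def first_logger_up(ev):
    return ev not in OUTAGE

def always_up(ev):
    return True

def run():
    fo = failover(EVENTS, first_logger_up)
    df = dual_feed(EVENTS, {"logger_a": first_logger_up, "logger_b": always_up})
    return missing(fo, EVENTS), missing(df, EVENTS)

if __name__ == "__main__":
    fo_gaps, df_gaps = run()
    print("failover gaps: ", fo_gaps)
    print("dual feed gaps:", df_gaps)
```

With failover, neither Logger alone holds the complete event stream for the outage period, which matters when a search or an investigation is run against only one of them.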
manojs Super Contributor.

Re: Sending logs to Logger

Thanks Paul

Manoj S.