mrammes1

Payload function available in CEF syslog connector?

Hi all,

I'm using the CEF syslog daemon connector to send individual events in CEF format (from a Python script) to the ESM. Now I want to add additional data with the payload function. In general it's working: I can send a CEF line with the Device Payload ID, and in the Console I can see the payload tab available. When I request the payload data, I can see in the connector log that the request command reaches the connector, but nothing happens after that. There is no error message that the payload cannot be found or anything similar. I already tried to monitor the connector process with strace (to check whether the connector searches for the payload as a file or as a network connection), but without success.

Does somebody have an idea?

Thanks and regards,

Matthias

aaron.wayne@hpe1

Re: Payload function available in CEF syslog connector?

The payload cannot be sent via UDP syslog.

In the past, on syslog IPS/IDS connectors, I have created a separate console tool that parsed flex date 1 (which you can enable on the connector in the destination settings) to get the actual time of the event. Then I converted this to epoch time to drill down into the appliance and download the pcap file directly to the end user's desktop.

Hope this helps. You may have found a solution since your post is a little old, but I figured I would reply given that this may help someone else.

mrammes1
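The parse-and-convert step described above (read flex date 1 out of the CEF event and turn it into epoch time before locating the capture), as an added Python example that is not part of this thread or of the connector: it splits a CEF line on unescaped delimiters, unescapes the extension values, and converts the timestamp. The sample event, the `flexDate1` and `devicePayloadId` key names, and the assumption that a zone-less date is UTC are mine.

```python
import re
from datetime import datetime, timezone

# Constructed sample event, not from the thread; "flexDate1" and "devicePayloadId"
# are the CEF extension keys assumed here for the flex date and the payload reference.
SAMPLE_CEF = ("CEF:0|ExampleVendor|ExampleIDS|1.0|100|Suspicious payload|5|"
              "src=10.0.0.5 dst=10.0.0.9 flexDate1=Jan 15 2018 10:30:00 "
              "devicePayloadId=pcap-0001 msg=note with \\= and \\\\ kept")
HEADER = ("version", "vendor", "product", "device_version", "signature_id", "name", "severity")
DATE_FORMATS = ("%b %d %Y %H:%M:%S", "%b %d %Y %H:%M:%S.%f", "%b %d %Y %H:%M:%S %z")

def _unescape(value):
    # Undo CEF extension escaping: '\=' '\\' '\n' '\r' become '=', '\', newline, CR.
    return re.sub(r"\\(.)", lambda m: {"n": "\n", "r": "\r"}.get(m[1], m[1]), value)

def parse_cef(line):
    """Split a CEF line into its header fields plus an 'ext' dict of extension keys."""
    if not line.startswith("CEF:"):
        raise ValueError("not a CEF line")
    # Header fields are delimited by unescaped '|' ('\|' inside a field is literal).
    parts = re.split(r"(?<!\\)\|", line[4:], maxsplit=7)
    if len(parts) != 8:
        raise ValueError("malformed CEF header")
    event, extension, ext = dict(zip(HEADER, parts[:7])), parts[7], {}
    # A new key starts at 'key=' preceded by whitespace; values may contain spaces
    # and escaped '\=' sequences, so split on key positions rather than on '='.
    keys = list(re.finditer(r"(?:^|\s)([A-Za-z0-9_.]+)=", extension))
    for i, m in enumerate(keys):
        end = keys[i + 1].start() if i + 1 < len(keys) else len(extension)
        ext[m[1]] = _unescape(extension[m.end():end].rstrip())
    event["ext"] = ext
    return event

def to_epoch(value):
    """Convert a CEF timestamp (ms since epoch or a formatted date) to epoch seconds.
    A date without a zone is taken as UTC; adjust if the connector uses local time."""
    if value.isdigit():
        return int(value) / 1000.0
    for fmt in DATE_FORMATS:
        try:
            dt = datetime.strptime(value, fmt)
        except ValueError:
            continue
        return (dt if dt.tzinfo is not None else dt.replace(tzinfo=timezone.utc)).timestamp()
    raise ValueError(f"unrecognised CEF timestamp: {value!r}")

def payload_lookup(line):
    # Return (devicePayloadId, flexDate1 as epoch seconds) for locating the matching pcap.
    ev = parse_cef(line)
    return ev["ext"].get("devicePayloadId"), to_epoch(ev["ext"]["flexDate1"])
```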

Re: Payload function available in CEF syslog connector?

Hi Aaron,

Thanks for your feedback! That's a good idea. I will try it in the next few days, maybe with a little script and an integration command.

Kind regards

Matthias
