Absent Member.
Absent Member.
329 views

Using Logger on an IPv6 Linux host

I'm looking to use the software Logger with the IPv6 interface on a Linux host.  The syslogs come into the Linux host on the IPv6 interface and from what I've read, I cannot bind Arcsight to the V6 interface.  What is the workaround for this?  Can I read the syslogs from /var/log/messages instead of through the IPv6 interface?  Thanks.

Labels (1)
Tags (1)
0 Likes
3 Replies
Absent Member.
Absent Member.

Any thoughts?  Thanks.

0 Likes
Absent Member.
Absent Member.

Well no one replied but the trick was to edit rsyslog.conf to forward the IPv6 syslog messages back onto the loopback address of the same Linux host.  Arcsight can bind to the 'All' interface and pull in the syslogs this way.

0 Likes
Absent Member.
Absent Member.

Nirav,

This is excellent out of the box thinking. So if I understand this correctly, you have a software Logger running on a Linux host with an IPv6 interface only. Making the change on the rsyslog.conf to forward to the loopback address seems to have done the trick. What receiver type are you using on Logger? Also, is this Logger version 5.2P1?

-Roopak

0 Likes
The opinions expressed above are the personal opinions of the authors, not of Micro Focus. By using this site, you accept the Terms of Use and Rules of Participation. Certain versions of content ("Material") accessible here may contain branding from Hewlett-Packard Company (now HP Inc.) and Hewlett Packard Enterprise Company. As of September 1, 2017, the Material is now offered by Micro Focus, a separately owned and operated company. Any reference to the HP and Hewlett Packard Enterprise/HPE marks is historical in nature, and the HP and Hewlett Packard Enterprise/HPE marks are the property of their respective owners.