Using Logger on an IPv6 Linux host
I'm looking to use the software Logger with the IPv6 interface on a Linux host. The syslogs come into the Linux host on the IPv6 interface and, from what I've read, I cannot bind ArcSight to the V6 interface. What is the workaround for this? Can I read the syslogs from /var/log/messages instead of through the IPv6 interface? Thanks.
Well, no one replied, but the trick was to edit rsyslog.conf to forward the IPv6 syslog messages back onto the loopback address of the same Linux host. ArcSight can bind to the 'All' interface and pull in the syslogs this way.
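An rsyslog.conf fragment for the loopback relay described in the post above, added here as an illustration and not the poster's actual configuration. The IPv6 address (from the 2001:db8::/32 documentation range) and the Logger receiver port 5514 are assumptions; substitute the host's real address and the port the Logger UDP receiver listens on.

```conf
# /etc/rsyslog.conf (legacy directive syntax, accepted by rsyslog v5 through v8)

# Load the UDP syslog input module.
$ModLoad imudp

# Bind rsyslog's listener to the host's IPv6 address only (assumed address).
# Binding to one address keeps rsyslog off the IPv4 side, which is left
# free for the Logger receiver.
$UDPServerAddress 2001:db8::10
$UDPServerRun 514

# Relay everything to the Logger receiver over IPv4 loopback.
# A single "@" means UDP; "@@" would forward over TCP instead.
# Port 5514 is an assumed receiver port. It must differ from any port
# rsyslog itself listens on, otherwise messages would loop back into rsyslog.
# This selector also forwards the host's own local messages, not only the
# ones received over IPv6.
*.* @127.0.0.1:5514
```

After the relay, Logger sees 127.0.0.1 as the sending address of every event, so the original device has to be identified from the hostname field in the syslog header. `rsyslogd -N1` checks the edited file for syntax errors before the service is restarted.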
This is excellent out-of-the-box thinking. So if I understand this correctly, you have a software Logger running on a Linux host with an IPv6 interface only. Making the change on the rsyslog.conf to forward to the loopback address seems to have done the trick. What receiver type are you using on Logger? Also, is this Logger version 5.2P1?