How to send syslog events to aanval server

Bert Colemont

• February 02, 2019 13:18

How to send syslog events to aanval server?

I see that the machine is not listening to port  514, so do I need to install a syslog server on it and grab it over there?

0

• 

  * Aaron [TF]

  • February 02, 2019 22:06

  Bert,

  In Aanval 9, we recommend using a native syslog engine like rsyslog to ingest your syslog data and have them written to a structured directory, etc.

  Then within Aanval, head on over to your syslog sensor configuration and create a new syslog sensor, pointing to one of those files. One log file is considered a single sensor.

  0

Please sign in to leave a comment.