Hi Chris,

Exactly, the receiver side reported that, they can't parse the new format. Therefore I would like to swich the format to the older one.

After I switched it I will be able to point out, the error is on the receiver side.

That is my motivation.

BR

Akos

Hi PhoneBoy,

To clarify the situation. I use cp_clog_export for exporting the logs.

BR

Akos

I assume you mean cp_log_export, which is Log Exporter.
However, what you provided a link to is not relevant to Log Exporter, but to a feature that allows sending specific traffic logs as syslog from the gateway itself (not the management).
Use the "format" option in Log Exporter to determine the format to send to the remote syslog server, which supports:

• generic
• cef
• json
• leef
• logrhythm
• rsa
• splunk
• syslog

Parsing is the responsibility of the remote end. 

Hi PhoneBoy,

Yes, I meant Log Exporter.

In the format settings

Is the deafult syslog format  RFC 5424 format? If yes, can we change it somehow?

BR

Akos

I presume it is the default format, yes.
I don't believe you can change it.
What is the precise syslog server in use on the other end?
What is the precise CLI command you use to configure Log Exporter (or a screenshot of what's in SmartConsole)?

Hi Phoneboy,

The format part of the CLI command is "syslog"

The receiver syslog server's brand is Logness. It is an unique development. I do not hav the information, what is the base of this solution.

Akos

You might try "generic" and see if that provides a better result.

Hi,

Now it is much better than earlier was. Based on this, we asked the customer to contact the SIEM support to clarify this issue on the other side.

We can't change more things in log exporter.

Akos

I have the same question. Do you know if selecting the syslog format automatically applies RFC 5424 instead of RFC 3164? If the default is the old RFC 3164, how can I change it to RFC 5424?