ohhdiddlediddle
Explorer

IPS logs in semi-unified

Hello All - I'm working with my client to set up logging via syslog.

> Client has set up syslog logging under "raw" mode and we are seeing IPS blade logs in the SIEM (514/UDP).

> We requested to set up additional logging using semi-unified for another project on the same SIEM but on a different port (1514/UDP).

> I can see the IPS blade logs on the old log exporter but not on the new log exporter (1514/UDP).

> Client claims that no additional configuration was performed by him for the old exporter.

> Is there an option that needs to be enabled separately to send IPS blade logs on the new exporter?

 

[Expert@**hidden**:0]# cp_log_export show
name: **hidden**
enabled: true
target-server: **hidden**
target-port: 514
protocol: udp
format: syslog
read-mode: raw
export-attachment-ids: false
export-link: false
export-attachment-link: false
time-in-milli: false

(new exporter)
name: **hidden**
enabled: true
target-server: **hidden**
target-port: 1514
protocol: udp
format: syslog
read-mode: semi-unified
export-attachment-ids: false
export-link: false
export-attachment-link: false
time-in-milli: false

0 Kudos
2 Replies