This website uses cookies. By clicking OK, you consent to the use of cookies. Click Here to learn more about how we use cookies.
OK
Register Now
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

RSA enVision® Discussions

Browse the RSA enVision discussion board to get product help and collaborate with other users of RSA enVision.
RSAAdmin
Beginner
Beginner
‎2013-11-26 09:05 PM

How can enVision 4.1 send Syslog messages to a remote syslog server

After configuring the Syslog Managed Output Action with source and destination IP and MAC addresses on port 514/udp and restarted the Alerter Service, messages are not getting to the remote syslog. However, when I click on the Test button, test messages are successfully reaching the remote server. Event sources are actively sending messages to enVision. What am I missing?  Thanks!

0 Likes
Reply
12 Replies
RSAAdmin
Beginner
Beginner
‎2013-11-26 09:54 PM

Firstly, welcome to the forums, and above all, thank you for being an RSA customer.

 

Please consider moving this question as-is (no need to recreate) to the proper forum for maximum visibility.  Questions written to the users' own "Discussions" space don't get the same amount of attention and can go unanswered for a long time.

 

You can do so by selecting "Move" under ACTIONS along the upper-right.  Then search for and select: "RSA enVision"

0 Likes
Reply
RSAAdmin
Beginner
Beginner
In response to RSAAdmin
‎2013-11-27 06:54 AM

Christopher, thank you for the welcome.  I moved my question to the RSA enVision forum.  Thanks!

0 Likes
Reply
AndreaMattioli
Beginner
Beginner
In response to RSAAdmin
‎2013-11-28 08:16 AM

Hi,

 

waht do you want to do: send the only alert messages to a syslog server or send all messages?

0 Likes
Reply
RSAAdmin
Beginner
Beginner
In response to AndreaMattioli
‎2013-11-28 10:07 AM

Hello IKSSri,

 

I'd like to send all messages to the remote syslog server. 

0 Likes
Reply
UMBERTOZANATTA1
Beginner
Beginner
In response to RSAAdmin
‎2013-11-29 11:33 AM

Hi,

 

Alert messages are sent when an event is triggered.

In my opinion you should extract the logs data in batch with lsdata and thus sending it to a remote syslog by a script.

 

Rgds,

0 Likes
Reply
RSAAdmin
Beginner
Beginner
In response to UMBERTOZANATTA1
‎2013-11-29 08:55 PM

Hi Uzanatta,

 

It seems more convenient to use enVision and forward the syslog data it's already receiving from various event sources. Thanks.

 

Sent from Guy's iPad

0 Likes
Reply
RafaelAggeler
Beginner
Beginner
In response to RSAAdmin
‎2013-12-09 02:47 AM

already got a solution for that?

0 Likes
Reply
RSAAdmin
Beginner
Beginner
In response to RafaelAggeler
‎2013-12-09 07:17 AM

No not yet.

0 Likes
Reply
RafaelAggeler
Beginner
Beginner
In response to RSAAdmin
‎2013-12-09 09:21 AM

I guess simple forwarding doesn't work, but did you have a look at EDI Service?

You would need a batch job or similar to syslog-forward the exported events, but I guess that could work.

0 Likes
Reply
© 2020 RSA Security LLC or its affiliates.
All rights reserved.