AnsweredAssumed Answered

How to send logs to RSA from Graylog?

Question asked by V3hrrWee8o4GRIeBwlhoBrSOzr0faybbj8vAoBBfuAo= on Apr 17, 2016
Latest reply on Apr 19, 2016 by David Waugh



We are running SA 10.5.


Currently, most of our logs are sent to Graylog, helping out DevOps teams on operational matters. Windows logs are sent up with NXlog, we have some syslog, app logs are sent with graylog-collector in GELF or plain format.


In order to support our security analysts as well, using SA, I'd like to send the raw logs that are coming to the Graylog right before they enter, for example with Logstash to split the flow.


My question is: Can I send a stream of logs directly to the VLC's rabbitMQ? What would be alternative ways to push logs out to the RSA chain otherwise? Straight to the decoder somehow? or ESA?


Thank you.