Using the NXLOG agent as a syslog server

#1 emoragues

Hello,

We are currently working on collecting the logs from McAfee EPO (without polling the database), using the agent as the syslog server.

In the EPO we can configure a syslog server to send our events; in that case the syslog server is our agent.

We tried some configuration but it is still not working:

# Field whitelist (defined but not referenced by any route below)
<Extension clean_fields_mcafee_epo>
    Module      xm_rewrite
    Keep        time, host, source, sourcetype, event, classification, os, dc, severity, module, stanza, collector_hostname, collector_received_at
</Extension>

# TLS listener that ePO is configured to send syslog to
<Input i_mcafee_epo_raw>
    Module      im_ssl
    ListenAddr  127.0.0.1:1572
    CAFile      "McAfeeEpo\Apache2\conf\ssl.crt\ca.cer"
    CertFile    "McAfeeEpo\Apache2\conf\ssl.crt\cert.crt"
    CertKeyFile "McAfeeEpo\Apache2\conf\ssl.crt\cert.key"
    AllowUntrusted TRUE
    FlowControl TRUE
    <Exec>
        parse_syslog();
        $source = "mcafee_epo";
        log_info("event : " + $event);
    </Exec>
</Input>

# Discard everything for now
<Output onul>
    Module      om_null
</Output>

<Route r_raw_epo>
    Path        i_mcafee_epo_raw => onul
</Route>

I was wondering if we need to use the xm_syslog module.

#2 raf (Nxlog)

Hey,

Since you're calling parse_syslog(), then yes - the xm_syslog module is needed, since it provides the syslog format-related capabilities.

Good luck,
Raf
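Worked example, added here and not part of the thread or of NXLog's own documentation: the listener from #1 with the missing xm_syslog extension declared, plus a file output so the parsed fields can be inspected before the route is pointed anywhere useful. The listen address, certificate paths and TLS settings are the poster's own values; the output file path is an assumption. The xm_rewrite extension from #1 is left out because it is not referenced by the route and its field list does not match the fields parse_syslog() produces.

```nxlog
# parse_syslog() and the fields it fills ($Message, $Hostname, $EventTime,
# $SyslogFacility, $SyslogSeverity) come from this extension. Without it the
# <Exec> block in the input does not compile, which is the failure in #1.
<Extension syslog>
    Module      xm_syslog
</Extension>

# to_json() for the output below
<Extension json>
    Module      xm_json
</Extension>

# TLS listener that ePO sends its events to. 127.0.0.1 only accepts
# connections from the host ePO itself runs on; bind the interface address
# if ePO is on another machine.
<Input i_mcafee_epo_raw>
    Module      im_ssl
    ListenAddr  127.0.0.1:1572
    CAFile      "McAfeeEpo\Apache2\conf\ssl.crt\ca.cer"
    CertFile    "McAfeeEpo\Apache2\conf\ssl.crt\cert.crt"
    CertKeyFile "McAfeeEpo\Apache2\conf\ssl.crt\cert.key"
    # TRUE (as in #1) accepts a client certificate that does not chain to
    # CAFile, so any host that can reach the port can inject events. Once
    # ePO's certificate chain is known to validate, set this to FALSE.
    AllowUntrusted TRUE
    FlowControl TRUE
    <Exec>
        parse_syslog();
        $source = "mcafee_epo";
        # parse_syslog() does not set $event; $raw_event holds the line as
        # received and $Message the parsed body.
        log_info("event : " + $raw_event);
    </Exec>
</Input>

# Assumed path: one JSON record per event for checking the parsed fields.
<Output o_epo_file>
    Module      om_file
    File        "C:\nxlog\data\mcafee_epo.json"
    Exec        to_json();
</Output>

<Route r_epo>
    Path        i_mcafee_epo_raw => o_epo_file
</Route>
```

Once the JSON file shows $Hostname, $SyslogSeverity and $Message populated for a test event from ePO, the om_file output can be swapped for the real destination and the log_info() call in the input removed.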