Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
2402
Views
15
Helpful
6
Replies

Configure ESA C190 to push Syslogs to multiple collectors

Go to solution
Rachel Bautista
Level 1
Level 1

‎03-19-2018 10:26 AM - edited ‎03-08-2019 07:34 PM

We have two Cisco IronPort ESA C190s on OS 10.0.1-087.  

 

Our Security team has a requirement that we begin pushing syslogs to our SIEM device (Logrythm).  Our team currently pushes syslogs to our infrastructure management collector (Loginsight).

 

I need to be able to push syslogs to both locations.  I don't see a way to do it in the GUI, can it be done via commandline?

 

The issue is that our team doesn't have access to the security team's SIEM device so I can't use those logs to troubleshoot issues so I need both OR I need verification that only one can be used so they have a compelling reason to grant me access.

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Ken Stieers
VIP
VIP
In response to Rachel Bautista

‎03-19-2018 11:02 AM

Yes, you can add one for a log you already have.

You'll have to give it a new log name. (aka the directory)

You can use the same file name if you want (since it will be going to a different directory)






View solution in original post

6 Replies 6

Go to solution
Ken Stieers
VIP
VIP

‎03-19-2018 10:32 AM

Create multiple log subscriptions, one pointed at each destination.

It's under System Administration/Log Subscriptions.


Go to solution
Rachel Bautista
Level 1
Level 1
In response to Ken Stieers

‎03-19-2018 10:42 AM

Sorry, that didn't answer my question.  I need to know how to configure MULTIPLE syslog collectors.

 

I am well aware of how to configure it to push syslogs in general via the GUI.

0 Helpful

Go to solution
Ken Stieers
VIP
VIP
In response to Rachel Bautista

‎03-19-2018 10:47 AM

You can't create one log sub and send it to multiple places.

You have to create a new log subscription for each destination.

The Logtype can be the same, the log name/logfile name have to be different, and the "Retrieval Method" is Syslog push will go to different IPs.






Go to solution
Rachel Bautista
Level 1
Level 1
In response to Ken Stieers

‎03-19-2018 10:59 AM

Just to clarify, I can add a second subscription to a log type I already have listed and set it to go to a different syslog location?

Will it create the new log file or do I have to manually give it a different file name?

 

 

0 Helpful

Go to solution
Ken Stieers
VIP
VIP
In response to Rachel Bautista

‎03-19-2018 11:02 AM

Yes, you can add one for a log you already have.

You'll have to give it a new log name. (aka the directory)

You can use the same file name if you want (since it will be going to a different directory)






Go to solution
Rachel Bautista
Level 1
Level 1
In response to Ken Stieers

‎03-19-2018 11:04 AM

I'll try that. Thanks!
0 Helpful
Customers Also Viewed These Support Documents