03-15-2019 12:05 AM
Hi all,
I would like to know how a Cisco Sourcefire device fetches the syslog itself to another syslog server?
Thanks
03-16-2019 10:19 PM - edited 03-16-2019 10:23 PM
It may be a language issue in your question, but the Sourcefire device does not (and cannot) "fetch logs from a syslog server". It can send log messages to a syslog server.
The link Balaji provided describes how to do that. Any syslog server will work as long as it accepts RFC 5424 standard syslog messages.
As far as how it works, the appliance will simply encapsulate the messages in IP packets with destination address of the configured syslog server and destination port of udp/514.
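The push model described in the answer above, as an added example that is not part of the original thread: a sender formats an RFC 5424 message and sends it as one UDP datagram to a passively listening collector, which decodes the header. The hostname, app name, facility and message text are constructed sample values, and the collector binds an ephemeral loopback port instead of udp/514 so it runs without privileges.

```python
import socket
from datetime import datetime, timezone

def build_rfc5424(facility, severity, hostname, app, msg):
    """<PRI>VERSION TIMESTAMP HOSTNAME APP-NAME PROCID MSGID SD MSG, nil ('-') fields."""
    pri = facility * 8 + severity  # PRI packs facility and severity into one number
    ts = datetime.now(timezone.utc).strftime("%Y-%m-%dT%H:%M:%S.%fZ")
    return f"<{pri}>1 {ts} {hostname} {app} - - - {msg}".encode("utf-8")

def parse_rfc5424(datagram):
    """Decode the header of one datagram; only nil structured data is handled."""
    text = datagram.decode("utf-8", errors="replace")
    if not text.startswith("<") or ">" not in text[:5]:
        raise ValueError("missing or oversized PRI")
    pri_str, rest = text[1:].split(">", 1)
    pri = int(pri_str)
    if not 0 <= pri <= 191:
        raise ValueError("PRI out of range")
    fields = rest.split(" ", 6)
    if len(fields) != 7 or fields[0] != "1":
        raise ValueError("not an RFC 5424 version 1 header")
    _, ts, host, app, procid, msgid, tail = fields
    if tail != "-" and not tail.startswith("- "):
        raise ValueError("structured data is not parsed by this example")
    return {"facility": pri // 8, "severity": pri % 8, "timestamp": ts,
            "host": host, "app": app, "msg": tail[2:]}

def demo_push():
    """The collector only listens; the sender initiates, as the appliance does."""
    collector = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    collector.bind(("127.0.0.1", 0))  # assumption: ephemeral port, not udp/514
    collector.settimeout(2.0)
    sender = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    try:
        # Constructed sample event: facility 20 (local4), severity 4 (warning).
        sender.sendto(build_rfc5424(20, 4, "sensor01", "demo-ids",
                                    "constructed sample event"),
                      collector.getsockname())
        data, _peer = collector.recvfrom(4096)
    finally:
        sender.close()
        collector.close()
    return parse_rfc5424(data)

if __name__ == "__main__":
    print(demo_push())
```

UDP gives no delivery acknowledgement, so the sender cannot tell whether the collector received the datagram.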
03-15-2019 01:44 AM
If I understand correctly, you are looking to offload the logs to syslog from the Sourcefire device (if not, please correct me).
The guide below will help you to offload the load to an external syslog server:
03-15-2019 02:36 AM
Hi,
I just want the process on how the Cisco Sourcefire device fetches the log from a syslog server
Thanks
03-15-2019 03:08 AM
Which syslog server? Can you give more explanation?
03-16-2019 09:06 PM
Hi,
The syslog server can be an Apache Linux server or a Splunk server.
03-18-2019 02:45 AM
Hi Marvin,
Thank you very much for your explanation.