MonitorWare Knowledge Base

Hi Guys


I need to implement quite a few different types of syslog. ie Juniper,Cisco, Fortinet,Checkpoint, IIS,McAfee, etc etc.
What i need to know is how i configure rsyslog to read all the various messages from the different syslog formats? does it automatically do this?
if not how can i configure it to do so? is there a way in which i can add a configurable plugin(.cfg) file?

Also once it pulls the info into mysql. i need to be able to distuinguish which plugin it came from

Is this possible?

Thanks
Stuart

• Custom written rsyslog.conf?
• Maintenance Contract?
• Installation support?

Given what came in recently in vendor horrors, this sound more complicated than one would expect it to be. Do you intend to use UDP or TCP? If it is just for the message format, I think the property replacer could do the job. But there are also protocol issues. Search the forum for recent posts on how to extract data, there has been at least one excellent howto-like post recently.

Rainer

Hi Rainer

Im using TCP primarily.
to use the property replacer method. do i have to include it all on rsyslog.conf? or can i create a config file for each firewall type and tell rsyslog.conf to include it?

search the past 2 days for tcp framing problems. Netscreen and Cisco seem to have screwed up. I am working on a solution, but no technically sound fix is possible.

On the config: we do not yet have configurable input parsers. It would be nice to have them, but I did not yet have time to do that soon, as it looks...

Rainer

great thanks! ill check out the tcp framing issues.