Add syslog output #9
Labels
enhancement
New feature or request
Comments
|
Until this is implemented, a workaround can be (and an overkill) using the https://github.com/cea-sec/openwec/blob/main/doc/outputs.md#unix-domain-socket We do something similar using OpenWEC together with syslog-ng. |
|
I'll also add that a nice-to-have would be output to systemd-journald-remote, in the journald format, which has largely supplanted syslog on newer Linux distributions. |
|
I have OpenWEC and rsyslog sharing a box - OpenWEC writing to files rsyslog reads from. That way any issues with the syslog server don't result in loss of logs. HTH. |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Some SIEM can only receive logs in syslog messages. To support these SIEM, we need to add a syslog output.
cf RFC 5424.
It may be useful to add 2 variant of syslog output for TCP and UDP.
The text was updated successfully, but these errors were encountered: