imperva / incapsula-logs-downloader

A Python script for downloading log files from Incapsula
MIT License

Hotfix/need for customized cef release 3.0.0. beta #60

Closed AVitg closed 1 year ago

AVitg commented 1 year ago
joeymoore commented 1 year ago

@AVitg thanks for the request, I just want to confirm that only UDP is possible with ArcSight, as you only applied the logic for UDP and not TCP. If so I will approve and merge. Cheers

AVitg commented 1 year ago

hey @joeymoore, thanks for coming back so fast, tbh ArcSight can do TCP, I just did not implement / test my changes yet, so the UDP lines can be adjusted for TCP as well, I assume:

```python
# Existing UDP branch
if self.config.SYSLOG_PROTO == 'UDP' and self.config.SYSLOG_ENABLE == 'YES' and self.config.SYSLOG_CUSTOM == 'YES':
    self.logger.info('Custom Syslog enabled, using UDP')
    self.remote_logger = SyslogClientCustom(self.config.SYSLOG_ADDRESS, self.config.SYSLOG_PORT, "UDP", self.logger, self.config.SYSLOG_SENDER_HOSTNAME)
```

```python
# Same branch adjusted for TCP
if self.config.SYSLOG_PROTO == 'TCP' and self.config.SYSLOG_ENABLE == 'YES' and self.config.SYSLOG_CUSTOM == 'YES':
    self.logger.info('Custom Syslog enabled, using TCP')
    self.remote_logger = SyslogClientCustom(self.config.SYSLOG_ADDRESS, self.config.SYSLOG_PORT, "TCP", self.logger, self.config.SYSLOG_SENDER_HOSTNAME)
```

AVitg commented 1 year ago

I also think I left get_hostname and get_time untouched... so they could be removed from the new class, as they are inherited already correctly.

AVitg commented 1 year ago

I changed get_time to get the end time instead of the start time from the log event, for the syslog timestamp. tbh, eventually this would be worth changing to "now()" anyhow... cause we have start/end time already, and the syslog timestamp could reflect "now()" for the syslog timestamp... to track delay in transport rather than get the wrong impression there is delay.... however this would be a different PR ;)
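As an added illustration of the UDP/TCP branches and the get_time discussion in this thread, here is a hypothetical minimal client (not the project's SyslogClientCustom and not code from this PR) that picks the transport from the same SYSLOG_* settings, stamps the header with the event end time or now(), and frames records for TCP. The class, function and sample event names are assumptions.

```python
import socket
from datetime import datetime, timezone


class MiniSyslogClient:
    """Hypothetical stand-in for SyslogClientCustom: RFC 3164 lines over UDP or TCP."""

    def __init__(self, address, port, proto, sender_hostname, use_event_time=True):
        if proto not in ("UDP", "TCP"):
            raise ValueError("SYSLOG_PROTO must be 'UDP' or 'TCP'")
        self.address, self.port, self.proto = address, int(port), proto
        self.sender_hostname = sender_hostname
        self.use_event_time = use_event_time  # False: stamp with now() instead

    def get_time(self, event):
        """Header timestamp: the event's end time (as in this PR) or now()."""
        ts = (datetime.fromtimestamp(event["end"], tz=timezone.utc)
              if self.use_event_time else datetime.now(timezone.utc))
        # RFC 3164 wants a space-padded day ("Nov  4"); %d would zero-pad it.
        return "%s %2d %s" % (ts.strftime("%b"), ts.day, ts.strftime("%H:%M:%S"))

    def format_message(self, event, priority=134):  # 134 = local0.info
        return "<%d>%s %s %s" % (priority, self.get_time(event),
                                 self.sender_hostname, event["cef"])

    def send(self, event):
        line = self.format_message(event)
        if self.proto == "UDP":
            # One datagram per record; boundaries are preserved by the transport.
            with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
                s.sendto(line.encode(), (self.address, self.port))
        else:
            # TCP is a byte stream: terminate each record with '\n' so the
            # collector can split records (the UDP code never needed this).
            with socket.create_connection((self.address, self.port), timeout=5) as s:
                s.sendall((line + "\n").encode())
        return line


def build_remote_logger(config):
    """One branch for both protocols instead of the PR's per-protocol copies."""
    if config.get("SYSLOG_ENABLE") != "YES" or config.get("SYSLOG_CUSTOM") != "YES":
        return None
    return MiniSyslogClient(config["SYSLOG_ADDRESS"], config["SYSLOG_PORT"],
                            config["SYSLOG_PROTO"], config["SYSLOG_SENDER_HOSTNAME"])


# Constructed sample event: epoch end time plus an already-built CEF line.
SAMPLE_EVENT = {"end": 1700000000,
                "cef": "CEF:0|Vendor|Product|1.0|100|Sample event|3|src=203.0.113.5"}
```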