sophos / Sophos-Central-SIEM-Integration

Simple integration script for 3rd party systems such as SIEMs. Offers command line, file or syslog output in CEF, JSON or key-value pair formats.

The script pulls the logs to the local server but does not send them to my SIEM collector #82

Open ithamar21 opened 2 years ago

ithamar21 commented 2 years ago

Hello, I am trying to get the logs from Sophos and send them to my SIEM. I set the remote IP in the syslog properties, port 514 UDP, the facility is daemon, and I set the filename where I want it to save the file.

I made a cron job that runs every 1 min. The file is created and the logs are pulled, but my problem is that the script is not forwarding the logs to my SIEM using syslog. The Linux server itself sends its system logs to my SIEM correctly, but the Sophos logs are not showing. I use Ubuntu 22.04.

Thank you

tennis-r7 commented 1 year ago

You cannot write logs to a file AND send them to a syslog server, only one of them.

This is set here https://github.com/sophos/Sophos-Central-SIEM-Integration/blob/master/config.ini#L24

You specify a filename to write to the file, or syslog to forward the events to the siem server.
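The misconfiguration described in this answer (a file path in `filename`, so events are written locally and never reach the SIEM) is easy to catch before the cron job runs. Below is an added example that is not part of the project or this thread: a small checker that reads a config.ini, reports when the output mode will not forward to syslog, validates the syslog settings the original poster mentioned (address, UDP, facility daemon), and produces the corrected file. The `[login]` section name and the keys `format`, `filename`, `address`, `facility` and `socktype` are assumed to match the project's config.ini; the two sample configs and the address 192.0.2.10 are constructed for the example.

```python
import configparser
import io

# Constructed sample configs (not from the original page or the repository).
# Section and key names are assumed to match the project's config.ini.
MISCONFIGURED_INI = """\
[login]
format = cef
filename = /var/log/sophos/result.txt
address = 192.0.2.10:514
facility = daemon
socktype = udp
"""

CORRECTED_INI = """\
[login]
format = cef
filename = syslog
address = 192.0.2.10:514
facility = daemon
socktype = udp
"""

# Standard syslog facility names accepted by most syslog libraries.
KNOWN_FACILITIES = {
    "auth", "authpriv", "cron", "daemon", "ftp", "kern", "lpr", "mail",
    "news", "syslog", "user", "uucp",
    "local0", "local1", "local2", "local3", "local4", "local5", "local6", "local7",
}


def _load(ini_text):
    cfg = configparser.ConfigParser(interpolation=None)
    cfg.read_string(ini_text)
    return cfg


def check_output_config(ini_text):
    """Return a list of findings; an empty list means events will be
    forwarded to the configured syslog server."""
    sec = _load(ini_text)["login"]
    findings = []

    # The script forwards to syslog only when filename is literally "syslog";
    # any other value (a path or stdout) keeps the events on the local host.
    filename = sec.get("filename", "").strip()
    if filename.lower() != "syslog":
        findings.append(
            f"filename is {filename!r}: events are written locally only; "
            "set filename = syslog to forward them to the SIEM"
        )
        return findings  # remaining syslog keys are irrelevant in this mode

    # address must be host:port with a valid port number.
    address = sec.get("address", "").strip()
    host, sep, port = address.rpartition(":")
    if not sep or not host or not port.isdigit() or not 1 <= int(port) <= 65535:
        findings.append(f"address {address!r} is not in host:port form")

    socktype = sec.get("socktype", "").strip().lower()
    if socktype not in ("udp", "tcp"):
        findings.append(f"socktype {socktype!r} must be udp or tcp")

    facility = sec.get("facility", "").strip().lower()
    if facility not in KNOWN_FACILITIES:
        findings.append(f"facility {facility!r} is not a standard syslog facility")

    return findings


def forward_to_syslog(ini_text):
    """Return the same config with filename switched to syslog, so the
    script forwards events instead of writing a local file."""
    cfg = _load(ini_text)
    cfg["login"]["filename"] = "syslog"
    out = io.StringIO()
    cfg.write(out)
    return out.getvalue()


if __name__ == "__main__":
    for name, ini in (("misconfigured", MISCONFIGURED_INI), ("corrected", CORRECTED_INI)):
        print(name, check_output_config(ini) or "OK: events will be forwarded")
    print(forward_to_syslog(MISCONFIGURED_INI))
```

Run it against your real config.ini by passing the file contents to `check_output_config`. Note that UDP syslog gives no delivery guarantee and no transport protection; if the SIEM supports it, `socktype = tcp` at least tells you when the collector is unreachable instead of silently dropping events.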

ithamar21 commented 1 year ago

Hi, so if I want to only send syslog to my SIEM, how do I do this? What do I need to change in my script?
