
bindplane agent for sending linux logs or sending them through linux syslog

  • March 26, 2025
  • 2 replies
  • 308 views


Hello,
I would like to know if there is a difference between integrating a Linux server using the bindplane agent and not through syslog?

That is, is there any difference in the display of UDM fields, parsing, or any other log processing features?

2 replies

Craig_Lee_BP
  • Bronze 2
  • March 26, 2025

This is Craig with Bindplane. Happy to answer your question.

If you are using the BP agent, you will read in data unparsed and set the parser type with the SecOps standardization processor: https://bindplane.com/docs/resources/processors/google-secops-standardization

It is also possible to send syslog to the Bindplane agent using the TCP or UDP Raw source.

NIX_SYSTEM is likely the parser to set with Ingestion Label for your use case.

Final point, it is possible to configure the Bindplane agent headlessly, but I recommend using either Bindplane SaaS or self-hosted deployments to quickly create those configurations. Entitlement is included with SecOps via our partnership with Google.

I walk through setup of a Linux AuditD example in this Quick Start guide: https://bindplane.com/docs/how-to-guides/google-secops-bindplane-quick-start

Let me know if you have other questions! 

  • Staff
  • March 28, 2025