
Is there a way to set up Syslog transport in a customer security solution and send it directly to Chronicle?

Syslog settings exist in customer security solutions without configuring Forward. You can configure log transmission right away by entering the Chronicle IP address here.

However, when checking Chronicle Documents, it appears that there is no way to configure a forwarder or receive feed directly if there is no API.

Unfortunately, the solution used by the customer is a security solution developed in South Korea and is not included in the definition provided in the Feed Source type.

However, since it is a Linux-based solution, it is equipped with a transmission function through Rsyslog.

Is there no way??

Chronicle does not support direct syslog input to our cloud. A forwarder is required to receive the syslog and transmit it to our SaaS. The Chronicle forwarder is supported on Linux and can co-reside with other solutions (as long as they don't try to use the same ports). https://cloud.google.com/chronicle/docs/install/forwarder-linux


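The appliance side of the setup described in the answer, as an added example that is not part of the original thread or of Chronicle's documentation: an rsyslog drop-in that sends events to the forwarder host instead of to Chronicle itself. It assumes a Chronicle forwarder is already installed with a TCP syslog listener; the file name, the address `192.0.2.10` and the port `10514` are placeholders, and the port must be one that no co-resident service already uses.

```conf
# /etc/rsyslog.d/60-chronicle-forwarder.conf   (hypothetical file name)
#
# Constructed example. 192.0.2.10 and 10514 are placeholders for the host and
# TCP syslog listener port of your own Chronicle forwarder. The target is the
# forwarder, never a Chronicle cloud address: Chronicle accepts no direct syslog.
#
# TCP is used so that a dropped connection is detected by the sender.
# The disk-assisted queue buffers events while the forwarder is restarting or
# unreachable, and the unlimited retry count keeps rsyslog from suspending the
# action permanently after the first failed connection.

action(
    type="omfwd"
    target="192.0.2.10"
    port="10514"
    protocol="tcp"
    queue.type="LinkedList"
    queue.filename="chronicle_fwd"
    queue.maxDiskSpace="1g"
    queue.saveOnShutdown="on"
    action.resumeRetryCount="-1"
)
```

Running `rsyslogd -N1` validates the configuration syntax before the service is restarted.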