littleadam

Syslog Server sending delay


Hey all,

We configured our syslog settings to forward logs to our logging server. It appears to only sort of be working. We'll get a detection at 2:08 AM, but they aren't forwarding to our logging server until a few hours later. And we're noticing sometimes nothing gets forwarded. Is there any better documentation outside of the "just put your syslog server settings here" that is in the Management Console? Or any hints or tips on how to make this work better?


There's nothing to really configure for this forwarding function. You can try adjusting the facility and severity to get a more immediate response from your reporting SIEM. Maybe change CEF to JSON or vice versa? You can test the results by generating an event, like going to https://iptest.malwarebytes.org.

 

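Added example, not part of the thread and not vendor code: after generating a test event as suggested above, this script compares each event's own timestamp with the time the collector received it, which shows whether the gap arises before the message reaches the logging server or later in the SIEM. It assumes the collector prefixes each line with an ISO 8601 receive time and that the messages are CEF with an `rt` field in epoch milliseconds; the sample lines and vendor/product strings are constructed placeholders.

```python
import re
from datetime import datetime, timezone

# Constructed sample: "<collector receive time> <host> <CEF message>".
# Vendor/product strings and values are placeholders, not real product output.
SAMPLE_LINES = [
    "2024-03-05T02:08:04+00:00 mgmt01 CEF:0|ExampleVendor|ExampleEDR|1.0|100|Website blocked|5|rt=1709604480000 dst=203.0.113.10 msg=blocked outbound connection",
    "2024-03-05T05:31:40+00:00 mgmt01 CEF:0|ExampleVendor|ExampleEDR|1.0|100|Website blocked|5|rt=1709604500000 dst=203.0.113.11 msg=blocked outbound connection",
    "2024-03-05T05:31:41+00:00 mgmt01 not a CEF record",
]

LINE_RE = re.compile(r"^(\S+)\s+(\S+)\s+(CEF:\d+\|.*)$")
# key=value pairs; a value runs until the next " key=" or end of line.
EXT_RE = re.compile(r"(\w+)=(.*?)(?=\s+\w+=|$)")


def parse_cef_extension(cef):
    """Return the CEF extension as a dict, or None if the header is incomplete."""
    # The CEF header has 7 pipe-delimited fields; split on unescaped pipes only.
    parts = re.split(r"(?<!\\)\|", cef, maxsplit=7)
    if len(parts) < 8:
        return None
    return dict(EXT_RE.findall(parts[7]))


def forwarding_lag(line):
    """Return (event_time, lag_seconds), or None if the line is not CEF with rt."""
    m = LINE_RE.match(line)
    if not m:
        return None
    ext = parse_cef_extension(m.group(3))
    if not ext or not ext.get("rt", "").isdigit():
        return None
    received = datetime.fromisoformat(m.group(1))
    event = datetime.fromtimestamp(int(ext["rt"]) / 1000, tz=timezone.utc)
    return event, (received - event).total_seconds()


def late_events(lines, threshold_s=300):
    """Events received more than threshold_s seconds after they were detected."""
    results = (forwarding_lag(line) for line in lines)
    return [(ev.isoformat(), lag) for ev, lag in filter(None, results)
            if lag > threshold_s]


if __name__ == "__main__":
    for event, lag in late_events(SAMPLE_LINES):
        print(f"detected {event}, received {lag:.0f}s later")
```

A large lag here points at the sender or the network path; a small lag with late SIEM alerts points at ingestion or parsing on the SIEM side.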
