Syslog redirection - BlueCat Address Manager - 9.3.0

Address Manager API Guide

Locale
English (United States)
Product name
BlueCat Address Manager
Version
9.3.0

When configuring syslog redirection, the content of the redirected syslog file might be more verbose than the content of the syslog file written locally on DNS/DHCP Server. DNS/DHCP Server filters the content that is written to the local syslog file.

Example

{
    "version": "1.0.0",
    "services": {
        "syslog": {
            "configurations": [
                {
                    "syslogConfiguration": {
                        "servers": [
                            {
                                "ip": "10.10.10.10",
                                "transport": "udp",
                                "port": 514
                            },
                            {
                                "ip": "fda5:1111:47::10",
                                "transport": "udp6",
                                "port": 514
                            },
                            {
                                "ip": "10.10.10.20",
                                "transport": "tcp",
                                "port": 514
                            },
                            {
                                "ip": "fda5:1111:47::20",
                                "transport": "tcp6",
                                "port": 514
                            }
                        ],
                        "arcsight": {
                            "enable": true,
                            "ip": "1.1.1.1"
                        },
                        "qradar": {
                            "enable": true,
                            "ip": "2.2.2.2"
                        }
                    }
                }
            ]
        }
    }
}
Parameters
  • ip—enter the IPv4 or IPv6 address of the syslog server.
    Note: The top-most syslog server will be queried first, then the second, and continues down the list.
  • transport—enter the transport protocol used for syslog redirection. The value must be tcp, tcp6, udp, or udp6.
  • port—enter the port used for syslog redirection.
  • arcsight—enter the configuration information for syslog redirection to ArcSight.
    • enable—set to true to enable syslog redirection to ArcSight; set to false to disable syslog redirection to ArcSight.
    • ip—enter the IPv4 or IPv6 address of the ArcSight server.
  • qradar—enter the configuration information for syslog redirection to QRadar.
    • enable—set to true to enable syslog redirection to QRadar; set to false to disable syslog redirection to QRadar.
    • ip—enter the IPv4 or IPv6 address of the QRadar server.