Syslog redirection - BlueCat Address Manager - 9.3.0

Address Manager API Guide

prodname
BlueCat Address Manager
version_custom
9.3.0

When configuring syslog redirection, the content of the redirected syslog file might be more verbose than the content of the syslog file written locally on DNS/DHCP Server. DNS/DHCP Server filters the content that is written to the local syslog file.

Example

{
    "version": "1.0.0",
    "services": {
        "syslog": {
            "configurations": [
                {
                    "syslogConfiguration": {
                        "servers": [
                            {
                                "ip": "10.10.10.10",
                                "transport": "udp",
                                "port": 514
                            },
                            {
                                "ip": "fda5:1111:47::10",
                                "transport": "udp6",
                                "port": 514
                            },
                            {
                                "ip": "10.10.10.20",
                                "transport": "tcp",
                                "port": 514
                            },
                            {
                                "ip": "fda5:1111:47::20",
                                "transport": "tcp6",
                                "port": 514
                            }
                        ],
                        "arcsight": {
                            "enable": true,
                            "ip": "1.1.1.1"
                        },
                        "qradar": {
                            "enable": true,
                            "ip": "2.2.2.2"
                        }
                    }
                }
            ]
        }
    }
}
Parameters
  • ip—enter the IPv4 or IPv6 address of the syslog server.
    Note: The top-most syslog server will be queried first, then the second, and continues down the list.
  • transport—enter the transport protocol used for syslog redirection. The value must be tcp, tcp6, udp, or udp6.
  • port—enter the port used for syslog redirection.
  • arcsight—enter the configuration information for syslog redirection to ArcSight.
    • enable—set to true to enable syslog redirection to ArcSight; set to false to disable syslog redirection to ArcSight.
    • ip—enter the IPv4 or IPv6 address of the ArcSight server.
  • qradar—enter the configuration information for syslog redirection to QRadar.
    • enable—set to true to enable syslog redirection to QRadar; set to false to disable syslog redirection to QRadar.
    • ip—enter the IPv4 or IPv6 address of the QRadar server.