Syslog redirection - BlueCat Integrity - 9.4.0

Address Manager API Guide

Locale
English
Product name
BlueCat Integrity
Version
9.4.0

When configuring syslog redirection, the content of the redirected syslog file might be more verbose than the content of the syslog file written locally on DNS/DHCP Server. DNS/DHCP Server filters the content that is written to the local syslog file.

Example

{
    "version": "1.0.0",
    "services": {
        "syslog": {
            "configurations": [
                {
                    "syslogConfiguration": {
                        "servers": [
                            {
                                "ip": "10.10.10.10",
                                "transport": "udp",
                                "port": 514
                            },
                            {
                                "ip": "fda5:1111:47::10",
                                "transport": "udp6",
                                "port": 514
                            },
                            {
                                "ip": "10.10.10.20",
                                "transport": "tcp",
                                "port": 514
                            },
                            {
                                "ip": "fda5:1111:47::20",
                                "transport": "tcp6",
                                "port": 514
                            }
                        ],
                        "arcsight": {
                            "enable": true,
                            "ip": "1.1.1.1"
                        },
                        "qradar": {
                            "enable": true,
                            "ip": "2.2.2.2"
                        }
                    }
                }
            ]
        }
    }
}
Parameters
  • ip—enter the IPv4 or IPv6 address of the syslog server.
  • transport—enter the transport protocol used for syslog redirection. The value must be tcp, tcp6, udp, or udp6.
  • port—enter the port used for syslog redirection.
  • arcsight—enter the configuration information for syslog redirection to ArcSight.
    • enable—set to true to enable syslog redirection to ArcSight; set to false to disable syslog redirection to ArcSight.
    • ip—enter the IPv4 or IPv6 address of the ArcSight server.
  • qradar—enter the configuration information for syslog redirection to QRadar.
    • enable—set to true to enable syslog redirection to QRadar; set to false to disable syslog redirection to QRadar.
    • ip—enter the IPv4 or IPv6 address of the QRadar server.