When configuring syslog redirection, the content of the redirected syslog file might be more verbose than the content of the syslog file written locally on DNS/DHCP Server. DNS/DHCP Server filters the content that is written to the local syslog file.
Example
#cloud-config
bluecat_service_config:
  payload: |
    {
      "version": "1.0.0",
      "services": {
        "syslog": {
          "configurations": [
            {
              "syslogConfiguration": {
                "servers": [
                  { "ip": "10.10.10.10", "transport": "udp", "port": 514 },
                  { "ip": "fda5:1111:47::10", "transport": "udp6", "port": 514 },
                  { "ip": "10.10.10.20", "transport": "tcp", "port": 514 },
                  { "ip": "fda5:1111:47::20", "transport": "tcp6", "port": 514 }
                ],
                "arcsight": { "enable": true, "ip": "1.1.1.1" },
                "qradar": { "enable": true, "ip": "2.2.2.2" }
              }
            }
          ]
        }
      }
    }
Parameters
- ip—enter the IPv4 or IPv6 address of the syslog server.
  Note: The top-most syslog server is queried first, then the second, continuing down the list.
- transport—enter the transport protocol used for syslog redirection. The value must be tcp, tcp6, udp, or udp6.
- port—enter the port used for syslog redirection.
- arcsight—enter the configuration information for syslog redirection to ArcSight.
  - enable—set to true to enable syslog redirection to ArcSight; set to false to disable syslog redirection to ArcSight.
  - ip—enter the IPv4 or IPv6 address of the ArcSight server.
- qradar—enter the configuration information for syslog redirection to QRadar.
  - enable—set to true to enable syslog redirection to QRadar; set to false to disable syslog redirection to QRadar.
  - ip—enter the IPv4 or IPv6 address of the QRadar server.
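A pre-deployment check of the payload against the parameter rules above, so that a typo does not silently leave a server without log forwarding. This is an added example, not BlueCat code; the names `validate_syslog_payload` and `SAMPLE` are hypothetical, and the rule that udp6/tcp6 pair with IPv6 addresses is an assumption drawn from the example on this page.

```python
import ipaddress
import json

ALLOWED_TRANSPORTS = {"tcp", "tcp6", "udp", "udp6"}  # values listed on this page

def _check_ip(value, where, errors):
    """Record an error unless value is an IPv4/IPv6 literal; return the parsed address."""
    try:
        if not isinstance(value, str):
            raise ValueError(value)
        return ipaddress.ip_address(value)
    except ValueError:
        errors.append(f"{where}: {value!r} is not an IPv4 or IPv6 address")
        return None

def validate_syslog_payload(payload_text):
    """Return a list of problems found in the JSON payload string (empty if none)."""
    errors = []
    doc = json.loads(payload_text)
    for c_idx, entry in enumerate(doc["services"]["syslog"]["configurations"]):
        cfg = entry["syslogConfiguration"]
        for s_idx, srv in enumerate(cfg.get("servers", [])):
            where = f"configurations[{c_idx}].servers[{s_idx}]"
            addr = _check_ip(srv.get("ip"), where, errors)
            transport = srv.get("transport")
            if transport not in ALLOWED_TRANSPORTS:
                errors.append(f"{where}: transport {transport!r} is not allowed")
            elif addr is not None and (addr.version == 6) != transport.endswith("6"):
                # Assumption from the page's example: *6 transports go with IPv6 addresses.
                errors.append(f"{where}: transport {transport!r} does not match IPv{addr.version}")
            port = srv.get("port")
            if isinstance(port, bool) or not isinstance(port, int) or not 1 <= port <= 65535:
                errors.append(f"{where}: port {port!r} is not an integer in 1-65535")
        for siem in ("arcsight", "qradar"):
            block = cfg.get(siem)
            if block is None:
                continue
            if not isinstance(block.get("enable"), bool):
                errors.append(f"{siem}: enable must be true or false, got {block.get('enable')!r}")
            _check_ip(block.get("ip"), siem, errors)
    return errors

# Constructed sample payload containing deliberate mistakes (not from a real deployment).
SAMPLE = json.dumps({"version": "1.0.0", "services": {"syslog": {"configurations": [{"syslogConfiguration": {
    "servers": [{"ip": "10.10.10.10", "transport": "udp", "port": 514},
                {"ip": "fda5:1111:47::10", "transport": "udp", "port": 514},
                {"ip": "10.10.10.20", "transport": "tls", "port": 70000}],
    "arcsight": {"enable": "true", "ip": "1.1.1.1"}}}]}}})

if __name__ == "__main__":
    print("\n".join(validate_syslog_payload(SAMPLE)))
```

Pass the function the JSON text that follows `payload: |` in the cloud-config, not the surrounding YAML.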