Hello,
Can i add more then 1 syslog server to the commserve?
We send alerts to splunk with a a syslog server , another team needs us to send them audit trails and i dont want to overflow the splunk with alerts and audit trails , can i can another siem connector to somehow divide the data?
Hi Arik, Thank you for posting your query in Community, we would like to inform you that you can have only one syslog server configured in Commcell but the message forwarding can be done to multiple syslog servers, we have earlier had this confirmed with Development for diff scenarios and Development team has confirmed that message forwarding to multiple syslog servers can be done at syslog server level itself: https://www.rsyslog.com/doc/v8-stable/tutorials/reliable_forwarding.html, You can get in touch with your syslog team to have this done.
Hi Arik, Thank you for posting your query in Community, we would like to inform you that you can have only one syslog server configured in Commcell but the message forwarding can be done to multiple syslog servers, we have earlier had this confirmed with Development for diff scenarios and Development team has confirmed that message forwarding to multiple syslog servers can be done at syslog server level itself: https://www.rsyslog.com/doc/v8-stable/tutorials/reliable_forwarding.html, You can get in touch with your syslog team to have this done.
Have we considered creating a technote on this and/or updating our documentation to better reflect this - as I am sure this will be a common question.
Enter your E-mail address. We'll send you an e-mail with instructions to reset your password.
