Configure Secure Syslog to System Monitor Agent
Windows System Monitor
Prerequisites
- IP address or hostname of a Microsoft Windows machine with the LogRhythm System Monitor installed and secure syslog configured on it.
- A valid certificate to create the secure channel.
- A secure syslog agent configured to encrypt data and send it to a System Monitor agent. For more information, see Configure a Secure Syslog Agent.
Configuration
You can configure the Open Collector to send data to a System Monitor configured with secure syslog using the following steps:
Run the following command:
./lrctl oc config edit
- Enter the hostname or IP address of your Windows System Monitor agent with secure syslog configured.
- Enter the port on which the System Monitor is listening to receive data over the secure connection. By default, the System Monitor is configured to listen on port 6514 for secure syslog.
- Select the Time Zone.
- When asked whether to change the System Monitor sending mode, type 'y'.
- You will be shown the option to change the Transport Mechanism; select 'TLS'.
- For the "Beats listener mode" option, type 'N'.
- For the option to change "advance properties", type 'N'.
- You will then be asked whether to change the certificate content; type 'y'. This prompt appears because you selected the TLS transport mode for sending syslog to the System Monitor.
- Copy and paste the certificate content, including the "BEGIN CERTIFICATE" and "END CERTIFICATE" tags, and press Enter twice when finished.
- The configuration is saved.
For the changes to take effect, run the following command:
./lrctl oc restart
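The following is an added example, not LogRhythm's code, for checking the channel configured above from the Open Collector host: it verifies that the pasted certificate carries both BEGIN/END tags, opens a TLS session to the System Monitor listener on port 6514 that is validated against that certificate, and sends one test syslog record. The hostname, CA file path and the RFC 5425 octet-counting framing are assumptions.

```python
"""Added example (not LogRhythm's code): send one test record over TLS to the
System Monitor secure-syslog listener, validating the listener's certificate
against the PEM pasted during `lrctl oc config edit`."""
import datetime
import socket
import ssl

PEM_HEADER = "-----BEGIN CERTIFICATE-----"
PEM_FOOTER = "-----END CERTIFICATE-----"


def pem_to_der(pem: str) -> bytes:
    """Return the DER bytes if `pem` carries both tags (required by the paste step
    above); raise ValueError so a truncated paste is caught before the restart."""
    pem = pem.strip()
    if not (pem.startswith(PEM_HEADER) and pem.endswith(PEM_FOOTER)):
        raise ValueError("certificate must include the BEGIN/END CERTIFICATE tags")
    return ssl.PEM_cert_to_DER_cert(pem)


def rfc5424_message(host: str, app: str, text: str, facility: int = 1, severity: int = 6) -> bytes:
    """Build an RFC 5424 record: PRI = facility*8+severity, UTC timestamp, no structured data."""
    ts = datetime.datetime.now(datetime.timezone.utc).strftime("%Y-%m-%dT%H:%M:%SZ")
    return f"<{facility * 8 + severity}>1 {ts} {host} {app} - - - {text}".encode()


def octet_count_frame(msg: bytes) -> bytes:
    """RFC 5425 framing for syslog over TLS: '<length><SP><msg>'.
    Assumption: the listener accepts this framing; use msg + b'\\n' if it
    expects newline-delimited records instead."""
    return b"%d %s" % (len(msg), msg)


def send_secure_syslog(host: str, port: int, ca_pem_path: str, msg: bytes) -> str:
    """Open a certificate-verified TLS session and send one framed record.
    Returns the listener certificate's subject CN as a sanity check."""
    ctx = ssl.create_default_context(ssl.Purpose.SERVER_AUTH, cafile=ca_pem_path)
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2  # refuse downgraded sessions
    with socket.create_connection((host, port), timeout=10) as raw:
        with ctx.wrap_socket(raw, server_hostname=host) as tls:
            tls.sendall(octet_count_frame(msg))
            subject = dict(rdn[0] for rdn in tls.getpeercert()["subject"])
            return subject.get("commonName", "")


if __name__ == "__main__":
    # Placeholders: your System Monitor host and the CA file holding the pasted certificate.
    cn = send_secure_syslog("sysmon.example.internal", 6514, "sysmon-ca.pem",
                            rfc5424_message("oc-host", "oc-test", "secure syslog test"))
    print("sent test record; listener certificate CN:", cn)
```

If the handshake fails with a certificate verification error, the listener is presenting a certificate that does not chain to the one you pasted, which is the condition to fix before relying on the channel.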
Linux System Monitor
Linux System Monitors do not support secure syslog as of the current release. However, they can collect standard (unencrypted) syslog data from System Monitor version 7.9.0.8004 onwards.
For more information on installing a System Monitor on UNIX/Linux, see Install a System Monitor on UNIX/Linux.
Installing the SysMon agent on the same machine as the Open Collector is not supported. Collection is supported from another machine running Linux.