cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
SOLVED

Syslog Connector | Source | Host | Logs

smhasn
Copper Contributor

‎Oct 25 2023 03:50 AM

‎Oct 25 2023 03:50 AM

Syslog Connector | Source | Host | Logs

Hello,

 

I have a Syslog connector which is working perfect, I have a source or a host which is configured to send syslog messages to this server/VM which has Syslog connector configured. I can observe the tcpdump from the source on the Syslog Server, but the same is not available in Sentinel Logs.

 

Appreciate your help.

 

I have attached the screenshots for better understanding.

 

Regards,

Mazhar

Labels:
Preview file
1524 KB
Preview file
273 KB
496 Views
0 Likes
2 Replies
Reply
2 Replies
best response confirmed by smhasn (Copper Contributor)
Clive_Watson

‎Oct 25 2023 05:08 AM

‎Oct 25 2023 05:08 AM

Solution

Re: Syslog Connector | Source | Host | Logs

Have you checked in the SyslogMessage column for the data your looking for?

Syslog
| where SyslogMessage has " < your TCP data >"

If you find it, you'll have to parse or extract the data
0 Likes
Reply
smhasn

‎Oct 25 2023 05:51 AM

‎Oct 25 2023 05:51 AM

Re: Syslog Connector | Source | Host | Logs

Thanks for the query - the logs have been received; it is more likely the device is erroring out. Have asked the team to check for the root cause as the delivery of syslog is fine.

Thanks a ton.!!!
0 Likes
Reply
1 best response

Accepted Solutions
best response confirmed by smhasn (Copper Contributor)
Clive_Watson

‎Oct 25 2023 05:08 AM

‎Oct 25 2023 05:08 AM

Solution

Re: Syslog Connector | Source | Host | Logs

Have you checked in the SyslogMessage column for the data your looking for?

Syslog
| where SyslogMessage has " < your TCP data >"

If you find it, you'll have to parse or extract the data

View solution in original post

0 Likes
Reply