syslog_output
Configuration options for sending alerts to a syslog server.
Options
server
The IP address or hostname of the syslog server.
Default value | n/a
Allowed values | Any valid IP address
port
The port to forward alerts to.
Default value | 514
Allowed values | Any valid port
level
The minimum level of the alerts to be forwarded.
Default value | n/a
Allowed values | Any level from 1 to 16
group
Rule group of the alerts to be forwarded.
Default value | n/a
Allowed values | Any valid group. Separate multiple groups with the pipe ("|") character.
Note
Every group must end with a comma.
rule_id
The rule_id of the alerts to be forwarded.
Default value | n/a
Allowed values | Any valid rule_id
location
The location field refers to the origin of the alert. It can be one of:
syscheck
rootcheck
File path
Command or its alias
command_tag (wodle)
aws-cloudtrail
cis-cat
vulnerability-detector
syscollector
Default value | n/a
Allowed values | Any valid location
use_fqdn
Toggles between the full and the truncated hostname of the server in forwarded messages. By default, OSSEC truncates the hostname at the first period ('.') when generating syslog messages.
Default value | no
Allowed values | yes, no
format
Format of the alert output. When jsonout_output in the global section is enabled, alerts are read from alerts.json instead of alerts.log for the JSON format.
Default value | default
Allowed values | default |
 | cef | Outputs data in the ArcSight Common Event Format.
 | splunk | Outputs data in a Splunk-friendly format.
 | json | Outputs data in JSON format that can be consumed by a variety of tools.
Example configuration
<syslog_output>
  <server>192.168.1.3</server>
  <level>7</level>
  <format>json</format>
</syslog_output>
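The script below is an added example, not code from the Wazuh/OSSEC project: it validates one or more <syslog_output> blocks against the constraints this page lists (server present and resolvable as an IP address or hostname, port in 1..65535, level in 1..16, format one of default/cef/splunk/json, use_fqdn yes/no, and every pipe-separated group terminated by a comma). The _is_host helper, the hostname acceptance rule it implements, and the second, deliberately invalid block are assumptions of this example; the first block is the page's own example configuration.

```python
"""Validate Wazuh/OSSEC <syslog_output> blocks against the documented options.

Added example (not project code). rule_id and location are only checked for
being non-empty, because the page states no stricter rule for them.
"""
import ipaddress
import xml.etree.ElementTree as ET

ALLOWED_FORMATS = {"default", "cef", "splunk", "json"}
ALLOWED_FQDN = {"yes", "no"}


def _is_host(value):
    """Hypothetical helper: accept an IP address or a hostname whose labels
    contain only letters, digits and hyphens (an assumption of this example)."""
    try:
        ipaddress.ip_address(value)
        return True
    except ValueError:
        pass
    labels = value.split(".")
    return all(lab and lab.replace("-", "").isalnum() for lab in labels)


def validate_block(elem):
    """Return a list of problems for one <syslog_output> element (empty means valid)."""
    problems = []
    text = {child.tag: (child.text or "").strip() for child in elem}

    server = text.get("server", "")
    if not server or not _is_host(server):
        problems.append("server: missing or not a valid IP address/hostname")

    port = text.get("port", "514")  # documented default
    if not port.isdigit() or not 1 <= int(port) <= 65535:
        problems.append(f"port: {port!r} is not a valid port")

    level = text.get("level")
    if level is not None and (not level.isdigit() or not 1 <= int(level) <= 16):
        problems.append(f"level: {level!r} must be between 1 and 16")

    fmt = text.get("format", "default")  # documented default
    if fmt not in ALLOWED_FORMATS:
        problems.append(f"format: {fmt!r} not in {sorted(ALLOWED_FORMATS)}")

    fqdn = text.get("use_fqdn", "no")  # documented default
    if fqdn not in ALLOWED_FQDN:
        problems.append(f"use_fqdn: {fqdn!r} must be yes or no")

    if "group" in text:
        # Groups are pipe-separated and each one must end with a comma.
        for grp in text["group"].split("|"):
            if not grp.endswith(","):
                problems.append(f"group: {grp!r} must end with a comma")

    for tag in ("rule_id", "location"):
        if tag in text and not text[tag]:
            problems.append(f"{tag}: empty value")

    return problems


def validate_config(xml_text):
    """Validate every <syslog_output> block found in an ossec.conf-style string."""
    root = ET.fromstring(xml_text)
    # Element.iter() yields the root itself when its tag matches, so a bare
    # <syslog_output> block and a full <ossec_config> wrapper are both handled.
    return [validate_block(block) for block in root.iter("syslog_output")]


# The page's own example configuration (valid).
PAGE_EXAMPLE = """<syslog_output>
<server>192.168.1.3</server>
<level>7</level>
<format>json</format>
</syslog_output>"""

# Constructed invalid block: bad port, bad level, unknown format, and a
# second group that is missing its trailing comma. The hostname is made up.
BAD_EXAMPLE = """<ossec_config>
<syslog_output>
<server>siem.example.internal</server>
<port>70000</port>
<level>17</level>
<format>leef</format>
<group>syscheck,|rootcheck</group>
</syslog_output>
</ossec_config>"""

if __name__ == "__main__":
    for name, cfg in (("page example", PAGE_EXAMPLE), ("constructed bad example", BAD_EXAMPLE)):
        for i, problems in enumerate(validate_config(cfg)):
            status = "OK" if not problems else "; ".join(problems)
            print(f"{name} block {i}: {status}")
```

Run it directly to see the page's example pass and the constructed block fail with four findings; pointing validate_config at the contents of a real ossec.conf checks every <syslog_output> block in one pass.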