How to forward a copy of logs from a Graylog server to another SIEM tool

Is there any way we can forward a copy of received logs from the Graylog server to a SIEM tool without changing the log/event headers (i.e. the actual source and destination)?

I tried output plugins, but none of them seems to be working; am I missing something here?

What format does your SIEM expect?
What headers do you mean specifically?
Which outputs (and which configuration) have you tried before and what was the result?

What format does your SIEM expect?

  • Syslog format [UDP or TCP, any port]

What headers do you mean specifically?

  • Source address of the log-generating device (endpoint hosts, firewalls, routers)

Which outputs (and which configuration) have you tried before and what was the result?

  • Outputs STDOUT and Syslog (imported)
  • Syslog Output Plugin configuration:
    UDP Port: 514 or 10025
    Message Format: Full
    Protocol: UDP

Hi Jochen, do you have any suggestions for me? How can I address this issue?

You probably have to write your own output plugin or post feature requests for the existing plugins if you want pristine message forwarding.

As it is, Graylog will almost always enrich the message with additional information.
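A small check for the problem raised in this thread (an added example, not code from the thread or from Graylog): it parses RFC 3164 syslog headers and reports whether a forwarded copy still carries the original device's hostname, timestamp and priority, contrasting byte-for-byte forwarding with a relay that re-emits the event under its own header. The sample log line, the relay hostname and the relay timestamp are constructed for the example.

```python
import re
from dataclasses import dataclass

# RFC 3164 header: <PRI>Mmm dd hh:mm:ss HOSTNAME <rest of message>
SYSLOG_RE = re.compile(
    r"^<(\d{1,3})>([A-Z][a-z]{2} [ \d]\d \d{2}:\d{2}:\d{2}) (\S+) (.*)$"
)

# Constructed sample: a firewall event as the SIEM should ultimately see it.
SAMPLE = "<34>Oct 11 22:14:15 fw-edge-01 firewall: deny tcp 10.0.0.5 -> 10.0.0.9"


@dataclass(frozen=True)
class SyslogHeader:
    pri: int
    timestamp: str
    hostname: str
    body: str


def parse_rfc3164(line: str) -> SyslogHeader:
    """Split a BSD-syslog line into its header fields and body."""
    m = SYSLOG_RE.match(line)
    if not m:
        raise ValueError(f"not an RFC 3164 syslog line: {line!r}")
    return SyslogHeader(int(m.group(1)), m.group(2), m.group(3), m.group(4))


def forward_pristine(line: str) -> str:
    """Pristine forwarding: the relay passes the line through unchanged."""
    return line


def forward_rewrapped(line: str, relay_host: str, relay_ts: str) -> str:
    """Models a relay that re-emits the event under its own header, which is
    why the SIEM then records the relay (not the device) as the source."""
    hdr = parse_rfc3164(line)
    return f"<{hdr.pri}>{relay_ts} {relay_host} {hdr.body}"


def header_differences(original: str, forwarded: str) -> list:
    """Return a list of header fields the forwarding path altered (empty if none)."""
    o, f = parse_rfc3164(original), parse_rfc3164(forwarded)
    diffs = []
    for field in ("hostname", "timestamp", "pri"):
        if getattr(o, field) != getattr(f, field):
            diffs.append(f"{field}: {getattr(o, field)!r} -> {getattr(f, field)!r}")
    return diffs


if __name__ == "__main__":
    print("pristine :", header_differences(SAMPLE, forward_pristine(SAMPLE)))
    print("rewrapped:", header_differences(
        SAMPLE, forward_rewrapped(SAMPLE, "graylog-01", "Oct 11 22:14:16")))
```

Run the same comparison against a capture taken on the SIEM side to confirm which headers your forwarding path actually preserves.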
