I wanted to figure out how to use Flume for receiving Syslog messages, so I tried two different configurations: one uses the Syslog source on a TCP port and the other on a UDP port.
This is the Flume configuration for listening on a UDP port
Copy the flumesyslogudp.properties file into the conf directory of your Flume server and use the following command to start the Flume server:
bin/flume-ng agent --conf conf --conf-file conf/flumesyslogudp.properties --name agent1 -Dflume.root.logger=DEBUG,console
Or you can configure Flume to listen on a TCP port. The only difference is that the source type is syslogtcp instead of syslogudp:
bin/flume-ng agent --conf conf --conf-file conf/flumesyslogtcp.properties --name agent1 -Dflume.root.logger=DEBUG,console
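For reference, a minimal agent definition that fits the two commands above, as an added example and not the author's original properties file. The component names (syslogSrc, memCh, logSink), the bind address and port 5140 are assumptions; only the agent name agent1 and the two source types come from the post.

```properties
# Example conf/flumesyslogudp.properties (illustrative, not the post's file).
# The agent name must match the --name argument on the command line.
agent1.sources = syslogSrc
agent1.channels = memCh
agent1.sinks = logSink

# Syslog source. Use "syslogudp" for the UDP variant; for
# flumesyslogtcp.properties change only this value to "syslogtcp".
agent1.sources.syslogSrc.type = syslogudp
# Assumed values: 0.0.0.0 listens on every interface. Syslog over plain
# UDP/TCP is unauthenticated and unencrypted, so bind to the address of
# the interface that faces your log senders and firewall the port.
agent1.sources.syslogSrc.host = 0.0.0.0
# An unprivileged port; the standard syslog port 514 requires root.
agent1.sources.syslogSrc.port = 5140
agent1.sources.syslogSrc.channels = memCh

# In-memory channel: events are lost if the agent stops, which is
# acceptable for a test setup like this one.
agent1.channels.memCh.type = memory
agent1.channels.memCh.capacity = 1000
agent1.channels.memCh.transactionCapacity = 100

# Logger sink: writes each received event to the Flume log, which the
# -Dflume.root.logger=DEBUG,console option sends to the console.
agent1.sinks.logSink.type = logger
agent1.sinks.logSink.channel = memCh
```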