Configure SIEM to be kemp syslog target but SIEM not receiving any syslog messages
Information
| Summary: |
Unable to receive logs from kemp on SIEM after configuring it as a syslog target on UDP/514 |
| Environment: |
Product: Loadmaster Version: Any Platform: Any Application: N/A |
| Question/Problem Description: |
|
| Steps to Reproduce: | |
| Error Message: | |
| Defect Number: | |
| Enhancement Number: | |
| Cause: |
|
| Resolution: |
Confirmed with tcpdumps on the kemp to ensure kemp was sending outbound SYSLOG messages on UDP/514 to the SIEM host in question. Kemp is confirmed to be sending outbound messages, however as UDP is connectionless we are unable to see any positive response from SIEM. No logs are captured on SIEM side |
| Workaround: |
Try using a standard linux server with rsyslog as destination, and take tcpdump on server. Kemp was able to send syslogs to this linux server, pointing to an issue with the SIEM and how it was receiving logs. Investigate with the SIEM vendor to confirm if any settings need to be configured on it. |
| Notes: |