Hello,

Is it possible (and how) to regularly send audit file (serverevents.txt) to another syslog server for further processing?

Thank you and Best Regards,

Bojan

p.s. We are using PA File Sight Ultra, version 4.2.1.44

asked 22 Aug '12, 05:02

Bojan's gravatar image

Bojan
310235
accept rate: 0%

edited 22 Aug '12, 09:19

Doug's gravatar image

Doug ♦♦
10.1k112037


The best way I can think of is to attach a Syslog Sender action to the File Sight monitor instead of/along with the Write to Log File action you are currently using to create the serverevents.txt file. That way you'd get near-real time events flowing directly from the File Sight monitor to your syslog processor, without a stop in a the log file in between.

link

answered 22 Aug '12, 09:19

Doug's gravatar image

Doug ♦♦
10.1k112037
accept rate: 22%

Hi Doug,

thanks for this - will try it out and report back...

:)

(22 Aug '12, 09:42) Bojan

Hello All,

the proposed solution worked fine :). Thanks again, Doug.

(23 Aug '12, 05:35) Bojan

Glad to hear it. Please mark the answer as accepted (the check mark at the right) so others will see at a glance that it worked.

(24 Aug '12, 09:46) Doug ♦♦
Your answer
toggle preview

Follow this question

By Email:

Once you sign in you will be able to subscribe for any updates here

By RSS:

Answers

Answers and Comments

Markdown Basics

  • *italic* or _italic_
  • **bold** or __bold__
  • link:[text](http://url.com/ "title")
  • image?![alt text](/path/img.jpg "title")
  • numbered list: 1. Foo 2. Bar
  • to add a line break simply add two spaces to where you would like the new line to be.
  • basic HTML tags are also supported

Tags:

×18
×3
×2
×1

Asked: 22 Aug '12, 05:02

Seen: 3,749 times

Last updated: 24 Aug '12, 09:46