I have followed th installation guide on configuring SNARE to push events to CS-MARS and am not receiving any events. There is some slight ambiguity in the instructions on configuring the SNARE agent which I am not not sure about:
1) Where it says check Syslog is using port 514, I presumed this is the "destination port" field.
2) On the SANRE client what should SYSLOG facility and SYSLOG Priority be set as.
3) How can I tell what is causing the event logging not to work, I check the MARS audit logs and there is nothing there.