I’m looking at both short term and long term integration and I’d like to know if this is possible under Windows instances of either LMS 2.6 or 3.2.
I’d like to be able to configure the common syslog collector to not only forward messages to the LMS Syslog Analyser but also to a remote host.
I can’t see any relevant field in collector.properties – is it possible to do this from the common collector (which would be my preference) or would this have to be defined as an action within the Syslog Analyser?
In an effort to reduce WAN traffic, I don’t want to simply set an additional syslog destination – I guess I’m trying to find the equivalent of syslogd –h.
Thanks for any suggestions
We hadn't considered syslog-ng when 2.6 was released. While only 3.2 was certified with this white paper, the same steps could be made to work with 2.6 as well.
The SyslogCollector is not designed to forward messages to a general syslog receiver. What you might want to look into is using syslog-ng as a replacement for the server's syslog server (not the Collector, but the daemon which receives the udp/514 messages). We have a white paper available on doing this at http://www.cisco.com/en/US/prod/collateral/netmgtsw/ps6504/ps6528/ps2425/white_paper_c11-571038.html .