
The Add Installed Collector popup appears. Download the appropriate collector for your operating system. Instructions for your preferred operating system and method of installation are available on the Installed Collectors page. Once the collector is installed, confirm it is available on the Collection page and select Edit.

Enter a string to tag the output collected from the source. The string that you supply will be saved in a metadata field called _sourceCategory.

If you are planning that all the sources you add to this collector will forward log messages to CSE, click the +Add Field link, and add a field whose name is _siemForward and value is true. This will cause the collector to forward all of the logs collected by all of the sources on the collector to CSE.

If you are planning that all sources you add to this collector will use the same log parser (if they are the same type of log), click the +Add Field link, and add a field whose name is _parser with the value /Parsers/System/Fortinet/Fortigate/Fortigate-Syslog. This will cause all sources on the collector to use the specified parser.

It’s also possible to configure individual sources to forward to CSE, as described in the following section.

In Sumo Logic, select Manage Data > Collection > Collection. Navigate to the Installed Collector where you want to create the source. On the Collectors page, click Add Source next to an Installed Collector.

Select the protocol that your syslog-enabled devices are currently using to send syslog data, UDP or TCP.

