Syslog Support in GA Services

Post any question you may have in regards to GoAnywhere Services and let our talented support staff and other users assist you.
4 posts Page 1 of 1

gasmle

Posts: 1
Joined: Fri May 23, 2014 4:47 am

Post by gasmle » Fri May 23, 2014 2:10 pm
Hi,

due to compliance reasons our company has to log all security relevant events in central SIEM systems.
After configuring the LogManager Settings in goanywhere services (currently 3.4.2) it seems that only the "Remarks" column gets sent over the Syslog connection.
Pattern: Date GAServerName Identifier RemarksColumn
This is not sufficient for us - only the "Remarks" column doesn't bring up any context for correlation and log analysis.

Which settings we have to configure to also get the Remote IP Adresses, Usernames, Ports, Physical Pathes, and FileSizes in the Syslog Messages?

Thanks In advance
mle

EdWyche

Posts: 4
Joined: Thu Jul 31, 2014 3:43 pm

Post by EdWyche » Wed Mar 02, 2016 12:04 pm
I am using version 5.1.3 and I would like the same information to go to our SIEMS. What settings need to be made in GoAnywhere Services to make this happen.

Thank you,
Ed

jstanley

Posts: 3
Joined: Thu Nov 12, 2015 6:33 pm

Post by jstanley » Tue May 17, 2016 9:15 pm
Same thing here. I enabled syslog and have a bout load of "restricted IP Address" messages being logged, but it doesn't give the IP.

@Linoma - any ideas on how to get usable info in the syslog message?

Support_Rick

Support Specialist
Posts: 590
Joined: Tue Jul 17, 2012 2:12 pm
Location: Phoenix, AZ

Post by Support_Rick » Wed Sep 21, 2016 9:59 am
GAMFT Version 5.3 had some syslog enhancements that should address this:

> Enhanced the Syslog capabilities to support Structured Data, including the ability to specify what audit information gets sent to the Syslog server.
Rick Elliott
Lead Solutions Consultant
(402) 944.4242
(800) 949-4696
4 posts Page 1 of 1