GoAnywhere Forum

Hi,

due to compliance reasons our company has to log all security relevant events in central SIEM systems.
After configuring the LogManager Settings in goanywhere services (currently 3.4.2) it seems that only the "Remarks" column gets sent over the Syslog connection.
Pattern: Date GAServerName Identifier RemarksColumn
This is not sufficient for us - only the "Remarks" column doesn't bring up any context for correlation and log analysis.

Which settings we have to configure to also get the Remote IP Adresses, Usernames, Ports, Physical Pathes, and FileSizes in the Syslog Messages?

Thanks In advance
mle

I am using version 5.1.3 and I would like the same information to go to our SIEMS. What settings need to be made in GoAnywhere Services to make this happen.

Thank you,
Ed

Same thing here. I enabled syslog and have a bout load of "restricted IP Address" messages being logged, but it doesn't give the IP.

@Linoma - any ideas on how to get usable info in the syslog message?

GAMFT Version 5.3 had some syslog enhancements that should address this:

> Enhanced the Syslog capabilities to support Structured Data, including the ability to specify what audit information gets sent to the Syslog server.