Configuring syslog forwarding in RSA Security Analytics is not successful after following documented steps
Issue
Configuring syslog forwarding in RSA Security Analytics is not successful after following documented steps. Syslog forwarding does not work after following the instructions described at the following URL: https://sadocs.emc.com/0_en-us/095_10.3_User_Guide/13_Device_and_Service_Configuration/30_Decoder_and_Log_Decoder_CG/Configure_Syslog_Forwarding_to_Destination
Cause
The RSA Security Analytics documentation did not contain the correct instructions at the time this article was written.
Resolution
The RSA Security Analytics 10.3 SP3 documentation has the following description in step 1:
f. Append any rule syntax that you want and the forward command to the rule's parameters.
The correct step should be: Append any rule syntax that you want and the forward alert command to the rule's parameters. See the example below.
order=1 rule=* name=receiver forwarder alert
The JIRA tickets SACE-1234 and SADOCS-495 were opened to track this issue and to have the documentation updated.
Internal Comments
UserName: shurtj, 7/23/2014 2:48:11 PM - Technically Reviewed
Technically reviewed the article and changed its status to Copy Edited. Changed the audience to be internal and modified the statements accordingly to adhere to Primus best practices.
Product Details
RSA Security Analytics
RSA Security Analytics 10.3.2 and above
INTERNAL ONLY!!!