Syslog Arcsight and remote destination Syslog combined
Hi All,
I have a Big IP LTM + ASM installed. Within the ASM I have a logging profile configured that sends the ASM logs in CEF format to Arcsight that works perfect.
I also have a standard Syslog destination configured in the System menu with the same remote log destination, because I also want standard Syslog information to be send to the same Syslog server.
The problem is that it just does not work. If I generate some logs by shutting down a pool there is no traffic sent to the Syslog server. The very strange thing is when I change the IP to another IP that is different than the Arcsight IP it is being sent.
So it seems like if you are not able to combine a ASM syslog CEF and a normal Syslog destination using the same IP destination.
I also tried to restart the syslog-ng daemon but that also did not fix the problem.
Does someone has an explanation for this?