2 weeks ago
I have just started using Graylog to handle my Windows server logs and was starting to investigate sending Clearpass logs to Graylog. I did a search here, but the search did not come back with any results.
Does anyone have experience using Graylog with Clearpass?
Graylog instructions on receiving logs:
Specifically, the Graylog documents state:
"Graylog is able to accept and parse RFC 5424 and RFC 3164 compliant syslog messages and supports TCP transport with both the octet counting or termination character methods. UDP is also supported and the recommended way to send log messages in most architectures.
Many devices, especially routers and firewalls, do not send RFC compliant syslog messages. This might result in wrong or completely failing parsing."
I am not sure if Clearpass meets either of the RFCs or not, so I thought I should ask in the Airhead community.
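One way to check whether a source's messages fit either RFC named in the Graylog quote is to run captured lines through a small classifier. The following is an added example, not part of the original post and not Graylog's code. The regexes are a simplified reading of the RFC 5424 and RFC 3164 headers, and the function names, hostnames and sample messages are constructed for illustration.

```python
import re

MONTHS = "Jan|Feb|Mar|Apr|May|Jun|Jul|Aug|Sep|Oct|Nov|Dec"
# RFC 5424: <PRI>VERSION TIMESTAMP HOSTNAME APP-NAME PROCID MSGID SD [MSG]
RFC5424 = re.compile(
    r"^<(\d{1,3})>[1-9]\d? "
    r"(?:-|\d{4}-\d\d-\d\dT\d\d:\d\d:\d\d(?:\.\d{1,6})?(?:Z|[+-]\d\d:\d\d)) "
    r"\S{1,255} \S{1,48} \S{1,128} \S{1,32} (?:-|\[.+?\])(?: |$)"
)
# RFC 3164 (BSD syslog): <PRI>Mmm dd hh:mm:ss HOSTNAME MSG
RFC3164 = re.compile(
    rf"^<(\d{{1,3}})>(?:{MONTHS}) [ \d]\d \d\d:\d\d:\d\d \S+ "
)

def classify(msg: str) -> str:
    """Return 'rfc5424', 'rfc3164' or 'non-compliant' for one syslog message."""
    for name, rx in (("rfc5424", RFC5424), ("rfc3164", RFC3164)):
        m = rx.match(msg)
        # PRI = facility * 8 + severity, so the maximum valid value is 191
        if m and int(m.group(1)) <= 191:
            return name
    return "non-compliant"

def split_frames(stream: bytes) -> list[str]:
    """Split a TCP byte stream into messages (RFC 6587 framing).

    Octet counting is 'LEN SP MSG'; otherwise a message ends at LF.
    """
    frames = []
    while stream:
        m = re.match(rb"([1-9]\d*) ", stream)
        if m:  # octet counting: the length prefix says where the message ends
            start, n = m.end(), int(m.group(1))
            frames.append(stream[start:start + n].decode("utf-8", "replace"))
            stream = stream[start + n:]
        else:  # termination character: the message ends at the next LF
            line, _, stream = stream.partition(b"\n")
            if line:
                frames.append(line.decode("utf-8", "replace"))
    return frames

# Constructed sample messages (not real ClearPass output)
SAMPLES = [
    "<134>1 2024-01-15T10:22:31.003Z cppm01.example.test auth-demo 4211 ID47 - Login OK",
    "<134>Jan 15 10:22:31 cppm01 auth-demo: Login OK",
    "2024-01-15 10:22:31,003 cppm01 Login OK",  # no <PRI> header at all
]

if __name__ == "__main__":
    for s in SAMPLES:
        print(f"{classify(s):14} {s}")
```

Lines captured from the sending device can be appended to `SAMPLES`; anything reported as `non-compliant` is a candidate for the wrong or failing parsing the Graylog documentation warns about.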