2

Security team has requested access logs of our bomgar appliance to be sent to their qradar (enterprise security information and event management (SIEM) product) server over port 514.

Will the events be properly sent when filling out the URL field shown below in the 'outbound events' tab? example. 127.0.0.12:514

enter image description here

John Hanley
  • 74,467
  • 6
  • 95
  • 159
fujioshi
  • 21
  • 1

1 Answers1

1

Yes, that should be fine if it is over UDP(514 default). But, if the syslog server is configured for TCP then the default port is 6514 (well-known port). So make sure this specific configuration?

Make sure the topology is in place as mentioned in RFC 5425 under Deployment Scenarios.

Milind Deore
  • 2,887
  • 5
  • 25
  • 40