Logscape can receive syslog data. The syslog server is started by default on the Management host. Applications like Snare can be used on Windows to forward Windows event logs to Logscape. To change the default ports of the Syslog server, edit boot.properties and modify the following properties:
NOTE: Using ports < 1024 on Unix machines requires extra configuration. Contact your systems administrator to provide non-root access to ports < 1024.
Once you are happy with your settings, restart Logscape.
Verifying your syslog port - When Logscape starts up, it logs the settings for the Syslog server.
Logscape Syslog server logs are kept in the following location:
When you open the file you will see details for the TCP and UDP Syslog servers.
Syslog TCP Server (On port 1468)
<org.productivity.java.syslog4j.server.SyslogServerMain_-Options>
  <protocol>tcp</protocol>
  <fileName>/Volumes/Media/workspace/workspace_1.2/master/build/logscape/work/SysLogServer</fileName>
  <append>true</append>
  <quiet>true</quiet>
  <port>1468</port>
</org.productivity.java.syslog4j.server.SyslogServerMain_-Options>

Syslog UDP Server (On port 1514)
<org.productivity.java.syslog4j.server.SyslogServerMain_-Options>
  <protocol>udp</protocol>
  <fileName>/Volumes/Media/workspace/workspace_1.2/master/build/logscape/work/SysLogServer</fileName>
  <append>true</append>
  <quiet>true</quiet>
  <port>1514</port>
</org.productivity.java.syslog4j.server.SyslogServerMain_-Options>
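
The following is an added example, not Logscape's own code: a Python check that reads the option blocks shown above out of the startup log, reports each listener's protocol and port, and flags ports below 1024 that need the extra Unix configuration mentioned in the note. The function names and the sample log text are constructed for illustration.

```python
import re
import xml.etree.ElementTree as ET

# Element name as it appears in the startup log excerpt on this page.
TAG = "org.productivity.java.syslog4j.server.SyslogServerMain_-Options"
BLOCK_RE = re.compile(r"<%s>.*?</%s>" % (re.escape(TAG), re.escape(TAG)), re.DOTALL)

# Constructed sample in the shape of the excerpt above (fileName is a placeholder).
SAMPLE_LOG = """\
Syslog TCP Server (On port 1468)
<{t}> <protocol>tcp</protocol> <fileName>/path/to/work/SysLogServer</fileName>
<append>true</append> <quiet>true</quiet> <port>1468</port> </{t}>
Syslog UDP Server (On port 1514)
<{t}> <protocol>udp</protocol> <port>1514</port> </{t}>
""".format(t=TAG)


def parse_listeners(log_text):
    """Return one dict per complete options block found in the log text."""
    listeners = []
    for block in BLOCK_RE.findall(log_text):
        try:
            root = ET.fromstring(block)
        except ET.ParseError:
            continue  # interleaved or damaged log output: skip rather than guess
        protocol = (root.findtext("protocol") or "").strip().lower()
        port_text = (root.findtext("port") or "").strip()
        if protocol not in ("tcp", "udp") or not re.fullmatch(r"[0-9]{1,5}", port_text):
            continue
        port = int(port_text)
        if not 0 < port <= 65535:
            continue
        # Ports below 1024 need the extra non-root configuration on Unix.
        listeners.append({"protocol": protocol, "port": port, "privileged": port < 1024})
    return listeners


def check_expected(log_text, expected):
    """Compare logged listeners with the set of (protocol, port) pairs you configured."""
    found = {(l["protocol"], l["port"]) for l in parse_listeners(log_text)}
    return {"missing": sorted(expected - found), "unexpected": sorted(found - expected)}


if __name__ == "__main__":
    for listener in parse_listeners(SAMPLE_LOG):
        print(listener)
    print(check_expected(SAMPLE_LOG, {("tcp", 1468), ("udp", 1514)}))
```

A non-empty "missing" or "unexpected" list after a restart means the running listeners do not match the ports you set, which is also worth checking against the firewall rules for the Management host.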