How to set up Syslog-ng to forward events to a Symantec Security Information Manager (SSIM).
To set up Syslog-ng to forward events to a SSIM appliance, you must configure Syslog-ng to have that SSIM appliance as a log server, then restart the syslog service.
Before configuring Syslog-ng, make sure the computer can resolve the hostname of the SSIM appliance. If necessary, you can enter the IP address and hostname of the SSIM in the computer's /etc/hosts file.
Configure Syslog-ng
Note: You will need to adjust the logging format with templates (more information can be found in the syslog-ng documentation).
Refer to the Unix collector PDF for the proper syslog formatting.
To make Syslog-ng use the new settings you must restart the syslog service with the command:
service syslog restart
In some distributions you may need to stop and start the syslog service with the two commands below:
service syslog stop
service syslog start
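The configuration step above, as an added example of a syslog-ng.conf fragment (not taken from the original article or from Symantec documentation). The hostname ssim.example.com, the source name s_local, UDP port 514 and the template string are assumptions; the message format the SSIM actually requires comes from the Unix collector PDF.

```conf
# Added example: forward local events to the SSIM appliance.
# Assumptions (not from the original article): hostname, source name,
# transport and port, and the template string.

# Local log source. If syslog-ng.conf already defines a source for
# /dev/log, reference that name in the log statement below instead of
# declaring a second one.
source s_local {
    unix-stream("/dev/log");
    internal();
};

# The SSIM appliance as a remote log server. The hostname must resolve
# through DNS or /etc/hosts. The template is a placeholder: replace it
# with the format the Unix collector documentation specifies.
destination d_ssim {
    udp("ssim.example.com" port(514)
        template("<$PRI>$DATE $HOST $MSGHDR$MSG\n")
        template_escape(no)
    );
};

# Send everything from the local source to the SSIM.
log { source(s_local); destination(d_ssim); };
```

Running syslog-ng --syntax-only before restarting the service checks the edited file for syntax errors.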