I'm trying to forward syslog message to QRadar. The QRadar admin believes CA PAM might be sending a single message broken up into multiple messages. He asked if CA PAM as a max message size that might be coming into play here?
Release : 3.4.x
Component : PRIVILEGED ACCESS MANAGEMENT
Our syslog forwarder uses the RFC 5424 syslog standard and can send messages up to 2048 octets.