Syslog message/payload size

book

Article ID: 209113

calendar_today

Updated On:

Products

CA Privileged Access Manager (PAM)

Issue/Introduction

I'm trying to forward syslog message to QRadar.  The QRadar admin believes CA PAM might be sending a single message broken up into multiple messages.  He asked if CA PAM as a max message size that might be coming into play here?

Environment

Release : 3.4.x

Component : PRIVILEGED ACCESS MANAGEMENT

Resolution

Our syslog forwarder uses the RFC 5424 syslog standard and can send messages up to 2048 octets.