Expected and recommended workflow to forward Syslogs from Aria Operations to a 3rd party via UDP, would be to use Aria Operations for Logs as a forwarder.

However, in the scenario where it is not possible to use Aria Operations for Logs, this can be set manually.

Aria Operations 8.x

1. In the Aria Operations UI go to "Administration -> Control Panel -> Log Forwarding"
   • Make sure to check the box labeled "Output logs to external log server."
   • Input the FQDN or IP of the host you want to send the logs to.
   • Set Protocol to "Syslog"
   • Hit "Apply Changes" in the lower right corner.
2. Log in to each Analytics node and Cloud Proxy through SSH as "root" and perform the following steps:
   • Run command: vi /var/lib/loginsight-agent/liagent.ini
   • Look for "proto=syslog" that is not commented out (without the semicolon in front)
   • Hit the "Insert" key
   • change "proto=syslog" to "proto=syslog_udp"
   • verify that "port" is set to 514
   • Hit "Esc"
   • Type the following to Save and Exit:   :wq