Forwarding OS logs for Aria Operations for Logs to Syslog Server like Splunk SIEM
Article ID: 389639

Products

VMware Aria Suite

Issue/Introduction

How to enable forwarding of the Aria Operations for Logs appliance OS logs to a syslog server such as a Splunk SIEM

Environment

Aria Operations for Logs 8.x 

Resolution

To enable OS log forwarding from Aria Operations for Logs to Splunk, follow the steps below. The appliance's own OS logs are collected by the pre-installed Aria Operations for Logs agent (liagent) and ingested into Aria Operations for Logs itself; the Log Forwarding feature then sends them on to the Splunk SIEM (or any other syslog destination).

  • The liagent configuration file controls which OS logs are collected. Every Aria Operations for Logs node ships with a pre-installed agent whose configuration is located at /var/lib/loginsight-agent/liagent.ini
  • Edit this file and add the [filelog|li-log] section shown below:

A sample agent configuration should look like this:
___________________________________
[server]
ssl_accept_any=yes
hostname=<loginsight_host_ip>
proto=cfapi
port=9543
ssl=yes

[filelog|li-log]
directory=/storage/var/loginsight
___________________________________

Replace <loginsight_host_ip> with the IP address of the Aria Operations for Logs node. Note that ssl_accept_any=yes makes the agent accept any TLS certificate the server presents on port 9543, i.e. it disables certificate validation for that connection. This is tolerable for the appliance's node-local agent talking to itself, but should not be copied into agent configurations on other hosts.

To send only the audit logs from the nodes, additionally add the line below to the [filelog|li-log] section above:
___________________________________
include=audit.log;audit.log.*
___________________________________

  • This should be done on all nodes in the Aria Operations for Logs cluster.
  • The node's own agent should now be listed under the Agents section of the UI, and the appliance OS logs should be searchable.
  • Make sure the Splunk SIEM server is configured as a destination under the Log Forwarding section in Aria Operations for Logs.
  • You can add filters to the forwarding rule so that only the logs you want (for example the audit.log events above) are sent to your server.
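Because the edit has to be repeated on every node, it is worth scripting. The following is an added example, not part of the KB article or of the product: a POSIX shell helper that appends the [filelog|li-log] section to a liagent.ini only if it is not already there (so re-running it on a node is safe), optionally restricts it to audit.log, and then verifies the result. The sample ini content is constructed inline as a temporary copy; the real path /var/lib/loginsight-agent/liagent.ini and the agent restart needed afterwards are left to the operator.

```shell
#!/bin/sh
# Added example (not the KB's own script). Edits a liagent.ini so the
# appliance's own OS logs under /storage/var/loginsight are collected.

# add_li_log_section INI AUDIT_ONLY
#   Appends the [filelog|li-log] section unless one already exists.
#   AUDIT_ONLY="yes" adds the include= line that limits collection to audit.log*.
add_li_log_section() {
  ini="$1"
  audit_only="$2"
  # Idempotency check: the section header is the marker we look for.
  if grep -q '^\[filelog|li-log\]' "$ini"; then
    return 0
  fi
  printf '\n[filelog|li-log]\ndirectory=/storage/var/loginsight\n' >> "$ini"
  if [ "$audit_only" = "yes" ]; then
    printf 'include=audit.log;audit.log.*\n' >> "$ini"
  fi
}

# check_li_log_section INI
#   Returns 0 only when the section header and directory line are both present.
check_li_log_section() {
  ini="$1"
  grep -q '^\[filelog|li-log\]' "$ini" &&
  grep -q '^directory=/storage/var/loginsight$' "$ini"
}

# Constructed sample: the [server] block as shipped on the appliance
# (hostname placeholder kept as in the KB), written to a temp file so the
# example runs offline without touching the real liagent.ini.
tmp=$(mktemp)
cat > "$tmp" <<'EOF'
[server]
ssl_accept_any=yes
hostname=<loginsight_host_ip>
proto=cfapi
port=9543
ssl=yes
EOF

add_li_log_section "$tmp" yes
add_li_log_section "$tmp" yes   # second run must not duplicate the section
check_li_log_section "$tmp" && echo "li-log section present in $tmp"
```

Run it on each node with the real path in place of the temp file; the block only edits the file, so apply the change through whatever agent restart or reload your appliance version requires, then confirm the node appears under Agents in the UI.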