Configure secure syslog settings for Log Analyzer
By default, Log Analyzer will accept secure syslog messages sent to port 6514 provided a secure connection has been established. Log Analyzer will also forward secure syslogs when a log forwarding custom rule action is set to TCP over TLS on port 6514.
- TCP forwarding (with the TCP port) supports both plain TCP and TCP over TLS.
- The TCP connection prevents IP spoofing.
If you have devices configured to transmit and forward secure syslog messages, contact SolarWinds Customer Support to ensure the syslog configuration settings are correct to avoid log processing errors. If necessary, SolarWinds can adjust the default values to accommodate a variety of scenarios.
Log Analyzer uses a non-CCPP compliant transmission method (sending and receiving) for secure syslogs. Many checks and errors, including name mismatches, server certificate revocation, certificate chain errors, and missing certificates are ignored. Log Analyzer includes the SolarWinds-Orion certificate for the server by default, which can only be changed by SolarWinds customer support.
If your TLS certificate subject contains a CN (Common Name) field (for example, OU, O, C), syslog transmissions may fail. Please contact SolarWinds customer support for assistance.