Working with parsed Active Roles logs in syslog-ng
In my previous OneIdentity Active Roles blog, you learned how to forward Active Roles logs to a central syslog-ng server to parse and store the logs. In this blog, I’ll show you how to:
- Work with parsed Active Roles logs.
- Store logs to various document stores.
- Prepare long-term storage.
- Send alerts for some critical events.
Even though this blog is about commercial software, the name-value pairs concept I describe in depth here is the same in the open source syslog-ng.
https://www.syslog-ng.com/community/b/blog/posts/working-with-parsed-active-roles-logs-in-syslog-ng
