remote
XML section name
<remote>
</remote>
Configuration of manager to listen for events from the agents.
Options
connection
Specifies a type of incoming connection to accept: secure or syslog.
Default value |
secure |
Allowed values |
secure, syslog |
port
Specifies the port to use to listen for events.
Default value |
1514 if secure, 514 if syslog |
Allowed values |
Any port number from 1 to 65535 |
protocol
Specifies the protocol to use. It is available for secure connections and syslog events.
Default value |
tcp |
Allowed values |
udp, tcp |
New in version 4.2.0: It is now possible to configure both UDP and TCP protocols to work simultaneously in the secure connections, this can be achieved by writing in the same configuration block the accepted protocols separated with a comma. For syslog connections, multiple protocols support require multiple configuration blocks since only one protocol per block is allowed.
allowed-ips
List of IP addresses that are allowed to send syslog messages to the server (one per line).
Default value |
n/a |
Allowed values |
Any IP address or network |
Note
It is necessary to list at least one IP address when using the syslog connection type.
denied-ips
List of IP addresses that are not allowed to send syslog messages to the server (one per line).
Default value |
n/a |
Allowed values |
Any IP address or network |
local_ip
Local ip address to use to listen for connections.
Default value |
All interfaces |
Allowed values |
Any internal ip address |
Example of configuration
<remote>
<connection>syslog</connection>
<port>514</port>
<protocol>tcp</protocol>
<allowed-ips>192.168.1.0/24</allowed-ips>
<local_ip>192.168.1.5</local_ip>
</remote>
<remote>
<connection>secure</connection>
<port>1514</port>
<protocol>tcp,udp</protocol>
<queue_size>16384</queue_size>
<rids_closing_time>5m</rids_closing_time>
</remote>