Supported configurations when forwarding to both 1st and 3rd party SIEM/SEM hosts

Article ID: KB0077487

Updated On:

Product: TIBCO LogLogic Log Management Intelligence
Versions: all versions

Description

For LogLogic LMI versions up to 4.8.1, message forwarding to 3rd party (i.e. non-LogLogic LMI/SEM) destinations is not supported. The GUI offers only 2 options: "Destination is LogLogic" or "Destination is not LogLogic". "Destination is not LogLogic" means ExaProtect SEM, which causes LMI to automatically add the SEM header in front of every file-based log message when sending the event data.

Starting with version 4.9.0, LogLogic LMI supports message forwarding to 3rd party (i.e. non-LogLogic LMI/SEM) destinations. This equates to choosing “Other Destinations” as the Destination Type in the GUI. LMI will only forward to 3rd party hosts using raw TCP or UDP syslog. The prepending option adds “<109>” at the beginning of each message.
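Read as a syslog PRI field (facility × 8 + severity), "<109>" decodes to facility 13, severity 5 (notice). The following is an added example, not part of the original article or any TIBCO code: a receiver-side check a 3rd party SIEM operator could use to tell whether forwarded lines carry the prefix. The function names and sample lines are assumptions constructed for illustration.

```python
import re

# Syslog PRI: "<" + 1-3 digits + ">" at the very start of the message, value 0..191.
PRI_RE = re.compile(r"^<(\d{1,3})>")
LMI_PREPEND_PRI = 109  # the prefix value named in the article
SEVERITIES = ["emerg", "alert", "crit", "err", "warning", "notice", "info", "debug"]


def split_pri(line):
    """Return (pri, rest_of_line); pri is None when no valid PRI leads the line."""
    m = PRI_RE.match(line)
    if not m:
        return None, line
    digits = m.group(1)
    # Reject out-of-range values and leading zeros such as "<007>".
    if int(digits) > 191 or (len(digits) > 1 and digits.startswith("0")):
        return None, line
    return int(digits), line[m.end():]


def classify(line):
    """Decode the PRI of one received line and say whether it matches the <109> prefix."""
    pri, message = split_pri(line)
    if pri is None:
        # Prepending disabled, or the header is malformed: the payload arrives bare.
        return {"status": "no-pri", "facility": None, "severity": None, "message": line}
    facility, severity = divmod(pri, 8)
    status = "lmi-prepend" if pri == LMI_PREPEND_PRI else "other-pri"
    return {"status": status, "facility": facility,
            "severity": SEVERITIES[severity], "message": message}


# Constructed sample lines (not captured from a real LMI appliance).
SAMPLES = [
    "<109>Jan 12 10:15:02 fw01 action=deny src=192.0.2.10",
    "Jan 12 10:15:02 fw01 action=deny src=192.0.2.10",
    "<34>Jan 12 10:15:03 host1 su: auth failure",
    "<999>not a valid priority",
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(classify(sample))
```

A line classified as "no-pri" is the case to watch on the receiving side, since many syslog collectors assign a default priority to messages that arrive without one.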

Issue/Introduction

This article explains the LMI versions needed for supporting message routing to 1st and 3rd party SIEM/SEM hosts.