05-25-2021 07:05 AM
@ururu I have a similar use case but the configurations mentioned above are not giving the desired results. Did you add or modify some of the configurations? E.g., I saw it being mentioned elsewhere that the hadoop.root.logger value needs to be changed as well to include SYSLOG as a value. Did you do this too? Also, in case the external SIEM server expects a particular format, e.g., the RFC 5424 syslog format or a specific SIEM server format like Universal LEEF, what would be the best way to define this property?