Tripwire Enterprise (TE) has at least 3 means of providing syslog:
A syslog action is UDP/514 and can be configured for different syslog receivers. This will provide change information, file that changed, how it changed, what rule was used, and what system the change occurred on.
Log Management is TCP/1468 and provides logs of everything on the TE console including changes to configuration, logons, and audit events from the agents.
TE Event Sender is a utility added to a TE install to provide granular logging over TCP or UDP syslog on various events not included with the action or log management.
What option are we discussing?