See Also
Logger can send events (as they are received or stored events) to other hosts using UDP or TCP, to a Logger, SmartConnector, Transformation Hub or to an ESM. The events sent to a particular host can be filtered by a query. Outgoing syslog messages can be configured to either pass the original source IP and timestamp or to use Logger's “send time” and IP address.
Logger can send CEF events directly to an ArcSight Manager using its built-in SmartConnector. Logger can act as a funnel, receiving events at very high volumes and sending fewer, filtered events on to an ArcSight Manager, as depicted under Logger can act as a funnel, forwarding selected events to ESM.
The following topics provide more information about forwarding events: