Data acquisition
Each probe uses a different method to acquire data. Which method the probe uses depends on the target system from which it receives data.
The Syslogd Probe receives events on the UDP port of a local machine; by default, this is port 514. The probe acts as a listening server on this host machine. When events are received on the UDP port, the probe parses the event data and breaks it at every space character. The probe then tokenizes the data using the rules file and sends tokens to the ObjectServer.
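The receive-and-split step described above, as an added sketch (not IBM's probe code). It takes "breaks it at every space character" literally, binds to loopback on an ephemeral port instead of the default 514, and uses a constructed sample message. The function names are hypothetical, and rules-file processing and forwarding to the ObjectServer are not modelled.

```python
from __future__ import annotations
import socket

# Constructed sample: BSD-style syslog line; the single-digit day is space-padded.
SAMPLE = (b"<34>Jan  5 10:15:02 host1 sshd[4121]: Failed password for root "
          b"from 192.0.2.10 port 52144 ssh2\n")


def split_event(datagram: bytes) -> list[str]:
    """Break one datagram at every space character (literal reading of the page)."""
    text = datagram.decode("utf-8", errors="replace").rstrip("\r\n\x00")
    return text.split(" ")  # split(" ") keeps empty tokens between adjacent spaces


def receive_one(sock: socket.socket, max_len: int = 8192) -> tuple[str, list[str]]:
    """Read one datagram; return the claimed source address and the tokens."""
    data, (src_ip, _src_port) = sock.recvfrom(max_len)
    # UDP gives no sender authentication: src_ip is whatever the packet claims.
    return src_ip, split_event(data)


def demo() -> tuple[str, list[str]]:
    """Send SAMPLE to a loopback listener and return what the listener saw."""
    listener = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    sender = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    try:
        # Ephemeral loopback port; the probe's default, 514, is a privileged port.
        listener.bind(("127.0.0.1", 0))
        listener.settimeout(2.0)
        sender.sendto(SAMPLE, listener.getsockname())
        return receive_one(listener)
    finally:
        sender.close()
        listener.close()


if __name__ == "__main__":
    src, tokens = demo()
    print(f"from {src}: {len(tokens)} tokens")
    for i, tok in enumerate(tokens, start=1):
        print(f"  {i:2d}: {tok!r}")
```

Under this literal reading, the two-space gap in `Jan  5` yields an empty second token and shifts every later position by one, which is worth testing against any rules-file logic that addresses tokens by position.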
Data acquisition is described in the following topics: