You can control the logs of a network-based device added as Syslog on your Logsign SIEM product in two different ways through the web interface and CLI.
We open the source list from Settings > Device Management > Device List to control it from the web interface. We click on the magnifying glass icon to the right of the source for the logs we want to check.
To check using CLI, we first need to connect to Logsign SIEM with ssh.
With the ngrep port 514 command, we can see the logs from all syslog sources.
We can use the ngrep port 514 and host 'source ip address' command to display the log from only one syslog source.