Use collectors to receive log data from configured third-party data sources.
To ingest third-party log data, you must add collectors to log repositories. Collectors can receive log data in Common Event Format (CEF) or syslog format via
the Third-Party Log Collection service on a Service Gateway or via API.
When you configure a collector to receive third-party logs in CEF or syslog format
via Service Gateway, the collector is assigned to a particular port on one of your
deployed Service Gateways that has the Third-Party Log Collection service installed. The collector
then receives valid logs from the IP addresses of your third-party log data sources
and forwards the log data to the log repository, where the data is ingested according
to the settings you have specified.
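A sender-side pre-flight check for the CEF case, added here as an example (not Trend Micro code, and not the collector's own validation logic): it parses a CEF line, with or without a syslog prefix, into header fields and extensions so you can confirm that a source emits well-formed events before pointing it at a collector. The function names and the sample line are constructed for illustration.

```python
import re

HEADER_FIELDS = ("version", "device_vendor", "device_product", "device_version",
                 "device_event_class_id", "name", "severity")
_UNESC = re.compile(r"\\([\\|=])")          # CEF escapes: \\  \|  \=
_EXT_KEY = re.compile(r"(?:^|\s)(\w+)=")    # key at start or after whitespace


def _split_header(body, n):
    """Split on the first n unescaped '|' characters, honouring backslash escapes."""
    parts, cur, i = [], [], 0
    while i < len(body):
        if body[i] == "\\" and i + 1 < len(body):
            cur.append(body[i:i + 2])        # keep the escape pair intact for now
            i += 2
            continue
        if body[i] == "|" and len(parts) < n:
            parts.append("".join(cur))
            cur = []
        else:
            cur.append(body[i])
        i += 1
    parts.append("".join(cur))
    return parts


def parse_cef(line):
    """Return header fields plus an 'extensions' dict; raise ValueError if malformed."""
    start = line.find("CEF:")                # skips any syslog prefix before the marker
    if start < 0:
        raise ValueError("no CEF: marker found")
    parts = _split_header(line[start + 4:].rstrip("\r\n"), len(HEADER_FIELDS))
    if len(parts) < len(HEADER_FIELDS):
        raise ValueError(f"expected 7 header fields, got {len(parts)}")
    event = dict(zip(HEADER_FIELDS, (_UNESC.sub(r"\1", p) for p in parts)))
    if not event["version"].isdigit():
        raise ValueError("CEF version must be an integer")
    ext = parts[7] if len(parts) > 7 else ""
    keys = list(_EXT_KEY.finditer(ext))
    ends = [k.start() for k in keys[1:]] + [len(ext)]
    event["extensions"] = {k.group(1): _UNESC.sub(r"\1", ext[k.end():e].strip())
                           for k, e in zip(keys, ends)}
    return event


# Constructed sample: syslog prefix, an escaped pipe in the name, an escaped '=' in msg.
SAMPLE = (r"<134>Jan 10 12:00:00 fw01 CEF:0|ExampleVendor|ExampleFW|1.0|100|"
          r"Blocked \| dropped|5|src=192.0.2.10 dst=198.51.100.7 msg=rule\=deny all")

if __name__ == "__main__":
    print(parse_cef(SAMPLE))
```

Extension values that contain whitespace followed by `word=` are read as a new key, which is an inherent ambiguity of the CEF extension syntax.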
Collectors for log data from Microsoft Defender for Endpoint are automatically created
when you enable the Microsoft Defender for Endpoint Log Collection feature for your
Azure subscription in Cloud Accounts. Select the log repository for the collector when enabling the feature. The collector
uses the settings you have specified for the selected log repository.
Important: Third-party data sources require configuration to send log data to Trend Vision One.
Refer to the log forwarding topics in your product documentation to learn how to set
up the correct configuration. If an IP address is required to set up a server profile,
use the IP address of the Service Gateway associated with the collector. For an example,
see the Palo Alto Networks Next-Generation Firewall documentation.
All log data received by a collector is ingested according to the associated log repository
settings. To use different ingestion or retention settings, create a new log repository.
