Share XDR data with your syslog server by configuring the generic syslog connector.
The syslog connector is a generic SIEM connector, which allows you to send XDR data
to your on-premises syslog server. The connector supports multiple syslog server
connections.
 |
NoteEach Service Gateway appliance supports configuration with one syslog server. To
enable multiple syslog server connections, deploy multiple Service Gateway
appliances.
|
For syslog CEF mapping, see Syslog content mapping - CEF.
|
Category
|
Vendor
|
Associated Apps
|
|
SIEM
|
Not applicable
|
|
Procedure
- Go to .
- Click Syslog Connector (On-premises).
- In the Syslog Connector (On-premises) screen, enable Syslog Connector (On-premises) .
- Select the data to send to your syslog server(s).
-
Workbench alerts
-
Observed Attack Techniques
Note
You must select at least one data type. -
- Click Connect Syslog Server.
- In the Syslog Server Connection panel, configure the
following settings.SettingDescriptionServer addressSpecify the IP address or FQDN for your syslog server.Syslog formatSelect the syslog format.
Note
Syslog Connector (On-premises) currently only supports Common Event Format (CEF).ProtocolSelect the connection protocol.PortSpecify the port.Default port settings:-
SSL/TLS: 6514
-
TCP: 601
-
UDP: 514
Security Vendor(Optional) Specify the name of the SIEM vendor. -
- (Optional) Select Use CA certificate to upload a CA certificate to use when connecting to the syslog server.
- (Optional) If your syslog server requires authenticated connections, select Server requires client authentication to upload the client certificate and specify the passphrase.
- (Optional) Select Include Company ID in each raw log.
- Select a Service Gateway appliance with the Syslog Connector service installed from the Service Gateway drop-down list.
- Click Test Connection to perform a connection test and verify settings.
- Click Connect to test and save your connection settings.
- In the Syslog Connector (On-premises) screen, click Save.