
Syslog Integration

A Syslog Server is a common log collector that accepts messages in the standard Syslog format. Each Syslog message carries a Facility, a Severity and a Message. Almost any SIEM can accept Syslog-formatted messages, although most SIEMs also support other message formats. Valtix supports sending Flow Analytics events/logs to a Syslog Server. The following is the list of events/logs that can be forwarded:

  • Flow Logs (deprecated as of Gateway release version 2.10)
  • Firewall Events
  • HTTPS Logs
  • Network Threats
  • Web Protection

Events/Logs can be forwarded to a Syslog Server using a Log Forwarding Profile. Once created, the Log Forwarding Profile needs to be associated with a new or existing Gateway in order for the events/logs to be sent to the Syslog Server.

Creating a Profile

  1. Navigate to Manage -> Profiles -> Log Forwarding
  2. Click Create
  3. Specify the following parameters
    1. Profile Name - Enter a unique name (Example: valtix-syslog)
    2. Description (optional) - Enter a description
    3. SIEM Vendor - Select Syslog from the pulldown menu
    4. Server IP - Enter the IP Address for the Syslog server (Example: 52.67.3.54)
    5. Protocol - Select TCP or UDP as the Protocol used by the Syslog server
    6. Port - Enter the Port number used by the Syslog server
    7. Format - Specify the Format used to send logs to the Syslog server
      • Note: Only IETF format is supported
    8. Flow Logs - Click Yes or No to forward all Flow Logs
    9. Firewall Events - Click Yes or No to forward all Firewall Events
    10. HTTPS Logs - Click Yes or No to forward all HTTPS Logs
    11. Network Threats - Select a Severity Level to forward Network Threats
      • Severity Levels: Emergency, Alert, Critical, Error, Warning, Notice, Info, Debug
      • Note: All Network Threats for the severity level and higher will be forwarded
    12. Web Attacks - Select a Severity level to forward Web Attacks (Web Protection) using this profile
      • Severity Levels: Emergency, Alert, Critical, Error, Warning, Notice, Info, Debug
      • Note: All Web Attacks (Web Protection events) for the severity level and higher will be forwarded
  4. Click Save
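The severity threshold in steps 11 and 12 follows standard Syslog semantics: Emergency is the most severe level (numeric 0) and Debug the least (7), so "the severity level and higher" means every event whose numeric severity is less than or equal to the selected level. The following added example (written for this page, not Valtix's code) shows how a receiving side would decode the Facility and Severity from an IETF (RFC 5424) message's PRI field and apply that same threshold rule. The sample messages and the message IDs in them are constructed for illustration.

```python
import re

# RFC 5424 severity names; the list index is the numeric code (0 = most severe).
SEVERITIES = ["Emergency", "Alert", "Critical", "Error",
              "Warning", "Notice", "Info", "Debug"]

# Header of an IETF (RFC 5424) syslog message:
#   <PRI>VERSION TIMESTAMP HOSTNAME APP-NAME PROCID MSGID [STRUCTURED-DATA] MSG
_HEADER = re.compile(
    r"^<(?P<pri>\d{1,3})>(?P<ver>\d) (?P<ts>\S+) (?P<host>\S+) "
    r"(?P<app>\S+) (?P<proc>\S+) (?P<msgid>\S+) (?P<body>.*)$", re.S)


def parse_ietf(line):
    """Decode one RFC 5424 line into facility, severity name, host, msgid, body."""
    m = _HEADER.match(line)
    if not m:
        raise ValueError("not an RFC 5424 syslog message")
    pri = int(m.group("pri"))
    if pri > 191:  # max is facility 23 * 8 + severity 7
        raise ValueError("PRI value out of range")
    return {
        "facility": pri // 8,             # e.g. 16 = local0
        "severity": SEVERITIES[pri % 8],  # low three bits hold the severity
        "host": m.group("host"),
        "msgid": m.group("msgid"),
        "body": m.group("body"),
    }


def forwarded(severity, threshold):
    """Profile rule: forward when the event is at `threshold` or more severe."""
    return SEVERITIES.index(severity) <= SEVERITIES.index(threshold)


def filter_events(lines, threshold):
    """Return the msgids of the messages a profile set to `threshold` would pass."""
    return [e["msgid"] for e in map(parse_ietf, lines)
            if forwarded(e["severity"], threshold)]


# Constructed sample messages (hypothetical msgids, facility local0 = 16).
SAMPLES = [
    "<130>1 2024-01-01T10:00:00Z gw1 valtix - THREAT-1 - critical event",  # 16*8+2
    "<131>1 2024-01-01T10:00:01Z gw1 valtix - THREAT-2 - error event",     # 16*8+3
    "<134>1 2024-01-01T10:00:02Z gw1 valtix - THREAT-3 - info event",      # 16*8+6
]

if __name__ == "__main__":
    print(filter_events(SAMPLES, "Warning"))  # ['THREAT-1', 'THREAT-2']
```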

Associating a Profile

In order for events/logs to be forwarded using a Log Forwarding Profile, the Profile needs to be associated with a Gateway. Each Gateway has a Log Profile parameter that references a single Log Forwarding Profile. To set the parameter, refer to [Security Gateways](/userguide/gateways/overview/) and the corresponding sections on creating and modifying Gateways.