Syslog Integration
Once configured, all existing and new Valtix Gateways using the defined Syslog Profile will send selected Flow Logs, Firewall Events or HTTPS Logs to your Syslog server with the configuration options selected.
In order to complete the steps in this guide, you will need:
- A Syslog server IP Address and Port
Create a Syslog Profile
- Navigate to Manage -> Profiles -> Log Forwarding
- Click Create
- Profile Name - Enter a unique name for the integration. Example: valtix-syslog. Note: Spaces are not permitted.
- Description (optional) - Enter a description for the integration
- SIEM Vendor - Using the pulldown, choose Syslog
- Server IP - Enter the Syslog server IP Address. Example: 52.67.3.54
- Protocol - UDP is the default. Note: This is the only supported protocol currently.
- Port - Enter the Syslog listening port number.
- Format - IETF is the default. Note: This is the only supported format currently.
- Flow Logs - Click Yes or No to forward Flow Logs using this profile.
- Firewall Events - Click Yes or No to forward Firewall Events using this profile.
- HTTPS Logs - Click Yes or No to forward HTTPS Logs using this profile.
- Network Threats - Using the pulldown, select a Severity level to forward. Options are:
  - Emergency
  - Alert
  - Critical
  - Error
  - Warning
  - Notice
  - Info
  - Debug
- Web Attacks - Using the pulldown, select a Severity level to forward. Options are:
  - Emergency
  - Alert
  - Critical
  - Error
  - Warning
  - Notice
  - Info
  - Debug
- Click Save
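To check the receiving side once the profile is saved, the following added example (not Valtix code) listens on the UDP port entered in the profile, validates each datagram as IETF format and decodes its severity into the names used in the pulldowns. It assumes "IETF" means RFC 5424; the sample datagram and the names gw-example and app-example are constructed, not real gateway output.

```python
import re
import socket

# Severity names in RFC 5424 numeric order (0-7), the same order as the profile pulldown.
SEVERITIES = ["Emergency", "Alert", "Critical", "Error",
              "Warning", "Notice", "Info", "Debug"]

# RFC 5424 header: <PRI>VERSION TIMESTAMP HOSTNAME APP-NAME PROCID MSGID rest
HEADER = re.compile(
    r"^<(\d{1,3})>(\d{1,2}) (\S+) (\S+) (\S+) (\S+) (\S+) (.*)$", re.DOTALL)

def parse_ietf(datagram: bytes) -> dict:
    """Parse one RFC 5424 (IETF) syslog datagram; raise ValueError if malformed."""
    text = datagram.decode("utf-8", errors="replace")
    m = HEADER.match(text)
    if not m:
        raise ValueError("not an IETF-format syslog message")
    pri = int(m.group(1))
    if pri > 191:  # maximum is facility 23 * 8 + severity 7
        raise ValueError("PRI out of range")
    return {
        "facility": pri >> 3,             # upper bits of PRI
        "severity": SEVERITIES[pri & 7],  # lower three bits of PRI
        "timestamp": m.group(3),
        "hostname": m.group(4),
        "app_name": m.group(5),
        "rest": m.group(8),               # structured data and message text
    }

def listen(port: int, bind_ip: str = "0.0.0.0") -> None:
    """Print every datagram received on the UDP port configured in the profile."""
    sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    sock.bind((bind_ip, port))
    while True:
        data, (src, _) = sock.recvfrom(65535)
        try:
            print(src, parse_ietf(data))
        except ValueError as exc:
            print(src, "rejected:", exc)

# Constructed sample datagram (not real gateway output): PRI 132 = facility 16, severity 4.
SAMPLE = b"<132>1 2024-01-01T00:00:00Z gw-example app-example - - - constructed test message"

if __name__ == "__main__":
    print(parse_ietf(SAMPLE))
```

Call `listen(<port>)` on the Syslog server with the port from the profile. Because the transport is UDP, delivery is not acknowledged, so an empty listener can mean a blocked port as well as a quiet gateway.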