Configuring Deep Discovery Inspector Syslog Settings

Configure Deep Discovery Inspector to forward logs to Splunk.

Procedure

  1. On the Deep Discovery Inspector management console, go to the Syslog screen.
    • Versions 3.6 and 3.7: Logs > Syslog Server Settings
    • Version 3.8: Administration > Integrated Products / Services > Syslog
  2. Click Add.
    The Add Syslog Server screen appears.
  3. Select Enable syslog server.
  4. Specify the following:
    Option: Description
    • Server name or IP address: IP address of the Splunk server
    • Port: 8080
      Important: If your network firewall prevents the Splunk server from receiving data through TCP port 8080, specify another port and protocol based on your network policy. The specified settings must match the Data Input settings on Splunk.
    • Protocol: TCP
    • Facility level: Any available facility level
    • Severity level: Any available severity level
    • Log format: Trend Micro Event Format (TMEF)
      Note: TMEF is the format used by Trend Micro products for reporting event information.
  5. Select all log types under Detection logs.
  6. Click Save.