Procedure

1. Go to Administration → Integrated Products/Services → Syslog.
   The Syslog Settings screen appears.
2. Perform one of the following:
   • To add a new syslog server, click Add.
   • To update the details of an existing syslog server, click the name of the syslog server to be updated.
3. On the screen that appears, specify the Status for the profile.
4. Type the Profile name and Server address of the syslog server.
5. Type the port number.

   Note Trend Micro recommends using the following default syslog ports: UDP: 514 TCP: 601 SSL: 443

6. Select the protocol to transport log content to the syslog server.
   • UDP
   • TCP
   • SSL
7. Select the format in which event logs are sent to the syslog server.
   • CEF: Common Event Format (CEF) is an open log management standard developed by HP ArcSight. CEF comprises a standard prefix and a variable extension that is formatted as key-value pairs.
   • LEEF: Log Event Extended Format (LEEF) is a customized event format for IBM Security QRadar. LEEF comprises an LEEF header, event attributes, and an optional syslog header.
   • Trend Micro Event Format (TMEF): Trend Micro Event Format (TMEF) is a customized event format developed by Trend Micro and is used by Trend Micro products for reporting event information.
8. Select the scope of logs to send to the syslog server:
   • Virtual Analyzer analysis logs
   • Integrated product detection logs
   • System event logs
   • Alert event logs
9. (Optional) Select the logs to exclude from sending to the syslog server.
10. Click Save.