Adding a Syslog Server

Add a maximum of three syslog servers.

Procedure

  1. Go to Administration > Integrated Products / Services > Syslog.
  2. Click Add.
    The Add Syslog Server screen appears.
  3. Select Enable syslog server.
  4. Type the server name or IP address and the port number of the syslog server.
    Trend Micro recommends using the following default syslog ports:
    • UDP: 514
    • TCP: 601
    • SSL: 6514
  5. Select a facility level.
    The facility level specifies the source of a message.
  6. Select a syslog severity level.
    The syslog severity level specifies the type of messages to be sent to the syslog server.

    Syslog Severity Levels

    Level  Severity       Description
    -----  -------------  -----------
    0      Emergency      Complete system failure. Take immediate action.
    1      Critical       Primary system failure. Take immediate action.
    2      Alert          Urgent failures. Take immediate action.
    3      Error          Non-urgent failures. Resolve issues quickly.
    4      Warning        Error pending. Take action to avoid errors.
    5      Notice         Unusual events. Immediate action is not required.
    6      Informational  Normal operational messages useful for reporting, measuring throughput, and other purposes. No action is required.
    7      Debug          Useful information when debugging the application.

    Note: Setting the debug level can generate a large amount of syslog traffic in a busy network. Use with caution.
  7. Select the format to send event logs to the syslog server.
    • CEF
      Common Event Format (CEF) is an open log management standard developed by HP ArcSight. CEF comprises a standard prefix and a variable extension that is formatted as key-value pairs.
    • LEEF
      Log Event Extended Format (LEEF) is a customized event format for IBM® QRadar® Security Intelligence Platform. LEEF comprises an LEEF header, event attributes, and an optional syslog header.
    • Trend Micro Event Format (TMEF)
      Trend Micro Event Format (TMEF) is the format used by Trend Micro products for reporting event information. Deep Discovery Advisor uses TMEF to integrate events from various Trend Micro products.
  8. Select the logs to send to the syslog server.
  9. Select Connect through a proxy server to use the settings configured on Administration > System Settings > Proxy to connect to a syslog server.
    Select this option if you require the use of proxy servers for intranet connections.
  10. Click Save.
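
A receiver-side check for the settings chosen in steps 5 to 7, given as an added example that is not part of the original procedure or of Trend Micro's code: it decodes the facility and severity from the syslog priority value and splits a CEF event into its standard prefix and key-value extension. The sample line, host name, and vendor fields are constructed placeholders, and the code assumes each event starts with a standard <PRI> header.

```python
import re

# Names of the seven pipe-delimited fields in the CEF standard prefix.
PREFIX = ("cef_version", "vendor", "product", "device_version",
          "event_class_id", "name", "cef_severity")
_KEY = re.compile(r"(?:^|\s)(\w+)=")  # extension key at start or after whitespace

def _unescape(s):
    # Backslash escapes: \| and \\ in the prefix; \=, \\ and \n in the extension.
    return re.sub(r"\\(.)", lambda m: "\n" if m.group(1) == "n" else m.group(1), s)

def _split_pipes(text, maxsplit):
    # Split on unescaped '|' only, keeping escape pairs intact for _unescape.
    parts, buf, i = [], "", 0
    while i < len(text):
        if text[i] == "\\" and i + 1 < len(text):
            buf, i = buf + text[i:i + 2], i + 2
        elif text[i] == "|" and len(parts) < maxsplit:
            parts, buf, i = parts + [buf], "", i + 1
        else:
            buf, i = buf + text[i], i + 1
    return parts + [buf]

def parse_line(line):
    """Decode the syslog PRI and the CEF prefix and extension of one event."""
    m = re.match(r"<(\d{1,3})>", line)
    if not m or int(m.group(1)) > 191:
        raise ValueError("missing or invalid syslog PRI")
    pri = int(m.group(1))
    start = line.find("CEF:")
    if start < 0:
        raise ValueError("no CEF prefix found")
    parts = _split_pipes(line[start + 4:], 7)
    if len(parts) < 7:
        raise ValueError("truncated CEF prefix")
    # PRI = facility * 8 + severity
    event = {"facility": pri >> 3, "severity": pri & 7}
    event.update(zip(PREFIX, map(_unescape, parts[:7])))
    ext = parts[7] if len(parts) > 7 else ""
    keys = list(_KEY.finditer(ext))
    event["extension"] = {
        k.group(1): _unescape(ext[k.end():n.start() if n else len(ext)].rstrip())
        for k, n in zip(keys, keys[1:] + [None])
    }
    return event

# Constructed sample: facility 16 (local0), severity 4, placeholder vendor fields.
SAMPLE = (r"<132>Jan 12 10:15:02 host1 CEF:0|ExampleVendor|ExampleProduct|1.0|100|"
          r"Sample \| file analyzed|6|src=192.0.2.5 msg=Blocked file a\=b.exe")
```

Comparing the decoded `severity` against the level selected in step 6 shows whether the collector is receiving only the messages it was configured to receive.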