Adding a Detection Syslog Server Profile

You can configure Deep Discovery Web Inspector to forward the appliance's violation detection logs to a syslog server.

Procedure

  1. Go to Administration > Integrated Products/Services > Log Settings.
    The Log Settings screen appears.
  2. Click Add Detection Syslog.
    The Add Syslog Server Profile screen appears.
  3. (Optional) Enable or disable the detection syslog server profile.
    A new profile is enabled by default.
  4. Type a profile name.
  5. Type the host name (FQDN) or IP address of the syslog server.
  6. Type the port number.
  7. Select the protocol to be used when transporting log content to the syslog server.
    • TCP
    • UDP
    • SSL
  8. Select the format in which event logs should be sent to the syslog server.
    • CEF: Common Event Format (CEF) is an open log management standard developed by HP ArcSight. CEF comprises a standard prefix and a variable extension that is formatted as key-value pairs.
    • LEEF: Log Event Extended Format (LEEF) is a customized event format for IBM Security QRadar. LEEF comprises an LEEF header, event attributes, and an optional syslog header.
    • TMEF: Trend Micro Event Format (TMEF) is a customized event format developed by Trend Micro and used by Trend Micro products for reporting event information.
  9. Click Save.
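
The CEF option in step 8, seen from the receiving syslog server: the following is an added example, not Trend Micro code, that splits a CEF record into its standard prefix and its key-value extension while honouring escaped pipes and equals signs. The sample line, its syslog header and every field value are constructed; the fields the appliance actually sends are not listed on this page.

```python
import re

# Prefix field names, in the order the CEF standard defines them.
PREFIX = ("version", "device_vendor", "device_product", "device_version",
          "signature_id", "name", "severity")
KEY = re.compile(r"(?:^|\s)(\w+)=")  # extension key at start or after whitespace
ESC = re.compile(r"\\(.)")           # backslash escape pair

# Constructed sample line: header, version, IDs and field values are made up.
SAMPLE = (r"<134>Jan  1 00:00:00 collector-test CEF:0|Trend Micro|"
          r"Deep Discovery Web Inspector|0.0|100|Sample \| detection|6|"
          r"src=192.0.2.10 request=http://example.test/?q\=1 msg=blocked by policy")

def _unescape(text):
    # \n and \r become line breaks; \| \= \\ become the literal character.
    return ESC.sub(lambda m: {"n": "\n", "r": "\r"}.get(m.group(1), m.group(1)), text)

def _split_prefix(body):
    """Split on the first seven unescaped pipes; the rest is the extension."""
    fields, cur, i = [], [], 0
    while i < len(body) and len(fields) < len(PREFIX):
        if body[i] == "\\" and i + 1 < len(body):
            cur.append(body[i:i + 2])  # keep the pair intact for _unescape
            i += 2
            continue
        if body[i] == "|":
            fields.append("".join(cur))
            cur = []
        else:
            cur.append(body[i])
        i += 1
    if len(fields) < len(PREFIX):
        raise ValueError("truncated CEF prefix")
    return fields, body[i:]

def parse_cef(line):
    """Return (prefix, extension) dicts for one syslog line carrying CEF."""
    start = line.find("CEF:")  # skip any syslog header in front
    if start < 0:
        raise ValueError("not a CEF record")
    fields, ext_text = _split_prefix(line[start + 4:])
    prefix = {k: _unescape(v) for k, v in zip(PREFIX, fields)}
    ext, keys = {}, list(KEY.finditer(ext_text))
    for m, nxt in zip(keys, keys[1:] + [None]):
        end = nxt.start() if nxt else len(ext_text)
        ext[m.group(1)] = _unescape(ext_text[m.end():end].strip())
    return prefix, ext

if __name__ == "__main__":
    print(parse_cef(SAMPLE))
```

Records with fewer than seven prefix delimiters raise ValueError, so a truncated UDP datagram is rejected instead of being stored with shifted fields.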