Deep Discovery Analyzer can forward logs to multiple syslog servers after saving the logs to its database.

- Deep Discovery Analyzer can be configured to forward logs to a maximum of 3 syslog servers.
- Only logs saved after enabling this setting are forwarded. Previous logs are excluded.

- Go to Administration > Integrated Products/Services > Syslog.
  The Syslog Settings screen appears.
- Perform one of the following:
  - To add a new syslog server, click Add.
  - To update the details of an existing syslog server, click the name of the syslog server to be updated.
- On the screen that appears, specify the Status for the profile.
- Type the Profile name and Server address of the syslog server.
- Type the port number.
  Note: Trend Micro recommends using the following default syslog ports:
  - UDP: 514
  - TCP: 601
  - SSL: 443
- Select the protocol to transport log content to the syslog server:
  - UDP
  - TCP
  - SSL/TLS
- Select the format in which event logs are sent to the syslog server:
  - CEF: Common Event Format (CEF) is an open log management standard developed by HP ArcSight. CEF comprises a standard prefix and a variable extension formatted as key-value pairs.
  - LEEF: Log Event Extended Format (LEEF) is a customized event format for IBM Security QRadar. LEEF comprises a LEEF header, event attributes, and an optional syslog header.
  - TMEF: Trend Micro Event Format (TMEF) is a customized event format developed by Trend Micro and is used by Trend Micro products for reporting event information.
- Select the scope of logs to send to the syslog server:
  - Virtual Analyzer analysis logs
  - Integrated product detection logs
  - ICAP pre-scan logs
  - System event logs
  - Alert event logs
- (Optional) Select the logs to exclude from sending to the syslog server.
- Click Save.
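Because only logs saved after the profile is enabled are forwarded, it is worth confirming on the collector side that the first events arrive and decode in the format chosen above. The following added example is not Trend Micro code and is not part of this documentation: it parses a syslog line carrying either a CEF payload (pipe-delimited prefix plus space-separated key=value extension, with `\|`, `\=` and `\\` escapes) or a LEEF payload (pipe-delimited header plus delimiter-separated attributes; LEEF 2.0 adds a delimiter field). The sample lines, the `SAMPLE_ID` signature/event ID and the extension field names are constructed placeholders and do not reproduce the product's real event fields.

```python
"""Parse syslog lines carrying CEF or LEEF payloads.

Added example (not Trend Micro code): a collector-side check that events
forwarded by a syslog profile arrive in the selected format. The sample
lines below are constructed for illustration only.
"""
import re

CEF_HEADER = ("version", "device_vendor", "device_product", "device_version",
              "signature_id", "name", "severity")
LEEF_HEADER = ("version", "vendor", "product", "product_version", "event_id")

# CEF extension: key=value pairs separated by spaces. Values may contain
# spaces; '=' and '\' inside a value are escaped as '\=' and '\\'.
_CEF_EXT = re.compile(r"([\w.\-]+)=((?:\\.|[^\\])*?)(?=\s+[\w.\-]+=|$)", re.S)
_PRI = re.compile(r"^<(\d{1,3})>")          # RFC 3164 priority, e.g. <134>
_LEEF_HEX_DELIM = re.compile(r"(?i)0?x([0-9a-f]{1,2})")


def _split_header(text, count):
    """Split off `count` pipe-delimited header fields ('\\|' is a literal pipe).
    Returns the header fields followed by the untouched remainder."""
    fields, cur, i = [], [], 0
    while i < len(text) and len(fields) < count:
        ch = text[i]
        if ch == "\\" and i + 1 < len(text):   # escaped character inside a header field
            cur.append(text[i + 1])
            i += 2
            continue
        if ch == "|":
            fields.append("".join(cur))
            cur = []
        else:
            cur.append(ch)
        i += 1
    fields.append("".join(cur) + text[i:])    # remainder: CEF extension / LEEF attributes
    return fields


def _cef_unescape(value):
    """Resolve CEF extension escapes: \\= \\\\ \\| \\n \\r."""
    return re.sub(r"\\(.)", lambda m: {"n": "\n", "r": "\r"}.get(m.group(1), m.group(1)),
                  value, flags=re.S)


def parse_cef(payload):
    fields = _split_header(payload[len("CEF:"):], len(CEF_HEADER))
    if len(fields) != len(CEF_HEADER) + 1:
        raise ValueError("CEF header has too few fields")
    event = dict(zip(CEF_HEADER, fields[:-1]))
    event["extension"] = {k: _cef_unescape(v) for k, v in _CEF_EXT.findall(fields[-1])}
    return event


def parse_leef(payload):
    fields = _split_header(payload[len("LEEF:"):], len(LEEF_HEADER))
    if len(fields) != len(LEEF_HEADER) + 1:
        raise ValueError("LEEF header has too few fields")
    event = dict(zip(LEEF_HEADER, fields[:-1]))
    rest = fields[-1]
    delimiter = "\t"                           # LEEF 1.0: attributes are tab-separated
    if event["version"].startswith("2"):       # LEEF 2.0: one more header field names the delimiter
        spec, rest = rest.split("|", 1)
        hexspec = _LEEF_HEX_DELIM.fullmatch(spec)
        if hexspec:
            delimiter = chr(int(hexspec.group(1), 16))   # e.g. "x09" -> tab
        elif spec:
            delimiter = spec                             # a literal single character
    attrs = {}
    for item in rest.split(delimiter):
        if "=" in item:
            key, value = item.split("=", 1)
            attrs[key] = value
    event["attributes"] = attrs
    return event


def parse_syslog_line(line):
    """Return (facility, severity, event) for a syslog line carrying CEF or LEEF."""
    facility = severity = None
    pri = _PRI.match(line)
    if pri:
        n = int(pri.group(1))
        facility, severity = n >> 3, n & 7
    for marker, parser, fmt in (("CEF:", parse_cef, "CEF"), ("LEEF:", parse_leef, "LEEF")):
        pos = line.find(marker)
        if pos != -1:
            event = parser(line[pos:])
            event["format"] = fmt
            return facility, severity, event
    raise ValueError("line carries neither a CEF nor a LEEF payload")


# Constructed sample lines: placeholder IDs and field values, not real product output.
SAMPLE_CEF = ("<134>Mar  1 10:00:00 dda-host CEF:0|Trend Micro|Deep Discovery Analyzer|"
              "0.0|SAMPLE_ID|Sample detection|5|src=10.0.0.5 dst=10.0.0.9 "
              "fname=report\\|1.pdf msg=two words here a\\=b")
SAMPLE_LEEF = ("<134>Mar  1 10:00:00 dda-host LEEF:2.0|Trend Micro|Deep Discovery Analyzer|"
               "0.0|SAMPLE_ID|x09|src=10.0.0.5\tdst=10.0.0.9\tmsg=two words here")

if __name__ == "__main__":
    for sample in (SAMPLE_CEF, SAMPLE_LEEF):
        print(parse_syslog_line(sample))
```

Feeding the first few forwarded events through a parser like this catches a format/collector mismatch (for example a CEF-only pipeline receiving LEEF) before it silently drops detections; when the transport is UDP, also remember that lost datagrams leave no trace on the sender, so a count of received events against the Deep Discovery Analyzer log view is the only confirmation that forwarding is complete.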