Procedure

1. Perform on Deep Discovery Director - Network Analytics
1. Log on to Deep Discovery Director and access the Settings screen.
   Accessing the Settings Screen
2. Go to Syslog Settings and record the syslog IP address and port number.
   You can change the syslog port number if desired.
3. Close the Settings screen.
4. Perform on Deep Discovery Inspector.
4. Log on to the Deep Discovery Inspector console.
5. Go to Administration → Integrated Products/Services → Syslog.
6. Click Add.
   The Add Syslog Server screen appears.

   

7. Select Enable syslog server.
8. In Server name or IP address and Port, type the IP address and port number identified in Step 2 above.
   The default Deep Discovery Director - Network Analytics syslog port is 514.
9. Configure the following:

   Field	Value
   Protocol	TCP
   Facility level	local3 The facility level specifies the source of a message.
   Syslog severity level	Informational The syslog severity level specifies the type of messages to be sent to the syslog server. Deep Discovery Inspector will send informational and above messages.
   Log format	Trend Micro Event Format (TMEF) Specifies the format with which to send event logs to the syslog server. Trend Micro Event Format (TMEF) is the format used by Trend Micro products for reporting event information.
   Logs to send to the syslog server	Select all logs in the Detection logs section. Note Do not select logs in the System event logs section.

10. Select Connect through a proxy server to use the settings configured on Administration → System Settings → Proxy to connect to a syslog server.
    Select this option if Deep Discovery Inspector requires the use of proxy servers for intranet connections.
11. Click Save.
12. Log out of the Deep Discovery Inspector console.