Syslog Tab

Deep Discovery Analyzer maintains system logs that provide summaries of the following:

  • Virtual Analyzer analysis logs

  • Integrated product detection logs

  • ICAP pre-scan logs

  • System events

  • Alert events

Use the Syslog tab, in Administration > Integrated Products/Services > Syslog, to configure Deep Discovery Analyzer to send logs to multiple syslog servers.

Configuring Syslog Settings

Deep Discovery Analyzer can forward logs to multiple syslog servers after saving the logs to its database.

Note:

  • Deep Discovery Analyzer can be configured to forward logs to a maximum of 3 syslog servers.

  • Only logs saved after enabling this setting are forwarded. Previous logs are excluded.

  1. Go to Administration > Integrated Products/Services > Syslog.

    The Syslog Settings screen appears.

  2. Perform one of the following:

    • To add a new syslog server, click Add.

    • To update the details of an existing syslog server, click the name of the syslog server to be updated.

  3. On the screen that appears, specify the Status for the profile.
  4. Type the Profile name and Server address of the syslog server.
  5. Type the port number.
    Note:

    Trend Micro recommends using the following default syslog ports:

    • UDP: 514

    • TCP: 601

    • SSL: 443

  6. Select the protocol to transport log content to the syslog server.

    • UDP

    • TCP

    • SSL

  7. Select the format in which event logs are sent to the syslog server.

    • CEF: Common Event Format (CEF) is an open log management standard developed by HP ArcSight. CEF comprises a standard prefix and a variable extension that is formatted as key-value pairs.

    • LEEF: Log Event Extended Format (LEEF) is a customized event format for IBM Security QRadar. LEEF comprises an LEEF header, event attributes, and an optional syslog header.

    • Trend Micro Event Format (TMEF): Trend Micro Event Format (TMEF) is a customized event format developed by Trend Micro and is used by Trend Micro products for reporting event information.

  8. Select the scope of logs to send to the syslog server:

    • Virtual Analyzer analysis logs

    • Integrated product detection logs

    • ICAP pre-scan logs

    • System event logs

    • Alert event logs

  9. (Optional) Select the logs to exclude from sending to the syslog server.
  10. Click Save.