Trend Micro Email Security allows you to add, edit or delete syslog server profiles for syslog forwarding.
The Syslog Forwarding tab appears by default.
The Add Syslog Server Profile or Edit Syslog Server Profile screen appears.
Profile name: Unique profile name for a syslog server.
Description: Description of this profile.
Server address: IP address or FQDN of the syslog server.
Port: Port number of the syslog server.
Protocol: Protocol to be used to transport logs to the syslog server.
TCP
TLS+TCP
This option applies Transport Layer Security (TLS) encryption to messages sent to the syslog server.
Format: Format in which event logs are sent to the syslog server.
Key value
CEF
For details about the Common Event Format (CEF), see Content Mapping Between Log Output and CEF Syslog Type.
Severity: Severity level assigned to syslog messages.
Emergency
Alert
Critical
Error
Warning
Notice
Informational
Debug
Facility:
user
auth
authpriv
local0
local1
local2
local3
local4
local5
local6
local7
Enable TLS authentication: Whether to enable TLS authentication for the connection between the syslog server and Trend Micro Email Security.
If you select the Enable TLS authentication check box, Trend Micro Email Security performs TLS authentication.
If the TLS authentication is successful, the new syslog server profile appears in the profile list on the Syslog Server Profiles tab or the existing profile is updated.
If the TLS authentication is unsuccessful, the Peer Certificate Summary dialog box pops up, displaying peer certificate information such as the certificate ID, subject, and subject key ID.
If it detects that the certificate was not issued by a known Certificate Authority (CA), Trend Micro Email Security prompts you to trust or not trust the certificate. In other cases, an error message is displayed with instructions for fixing the error.
To test the connection between the syslog server and Trend Micro Email Security, click Test under Connection.
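The Severity and Facility values selected in a profile reach the syslog server as the numeric priority at the start of each message, and with the CEF format the event follows as a pipe-delimited header. The following Python sketch is an added example, not Trend Micro code: it decodes that priority and the CEF header on the receiving side so you can confirm that forwarded messages match the profile. It assumes each line starts with a standard <PRI> field; the sample line, vendor, product and signature ID are constructed placeholders.

```python
import re

# Standard syslog codes (RFC 5424) for the names offered in the profile.
SEVERITIES = "Emergency Alert Critical Error Warning Notice Informational Debug".split()
FACILITIES = {1: "user", 4: "auth", 10: "authpriv",
              **{16 + n: f"local{n}" for n in range(8)}}
CEF_FIELDS = "version vendor product device_version signature_id name cef_severity".split()

def decode_pri(line):
    """Split the leading <PRI> into (facility, severity, remainder)."""
    m = re.match(r"<(\d{1,3})>", line)
    if not m or int(m.group(1)) > 191:
        raise ValueError("missing or out-of-range PRI")
    fac, sev = divmod(int(m.group(1)), 8)  # PRI = facility * 8 + severity
    return FACILITIES.get(fac, f"facility{fac}"), SEVERITIES[sev], line[m.end():]

def parse_cef(text):
    """Parse the seven CEF header fields; backslash escapes a pipe or backslash."""
    start = text.find("CEF:")
    if start < 0:
        raise ValueError("no CEF header")
    body, fields, cur, i = text[start + 4:], [], "", 0
    while i < len(body) and len(fields) < 7:
        if body[i] == "\\" and body[i + 1:i + 2] in ("\\", "|"):
            cur, i = cur + body[i + 1], i + 2           # escaped character
        elif body[i] == "|":
            fields, cur, i = fields + [cur], "", i + 1  # field delimiter
        else:
            cur, i = cur + body[i], i + 1
    if len(fields) == 6:                                # header with no extension part
        fields.append(cur)
    if len(fields) != 7:
        raise ValueError("truncated CEF header")
    return dict(zip(CEF_FIELDS, fields), extension=body[i:])

def check_line(line, facility, severity):
    """Return a list of mismatches between a received line and the profile."""
    got_fac, got_sev, rest = decode_pri(line)
    problems = [f"{key} {got} != {want}" for key, got, want in
                (("facility", got_fac, facility), ("severity", got_sev, severity))
                if got != want]
    try:
        parse_cef(rest)
    except ValueError as exc:
        problems.append(str(exc))
    return problems

# Constructed sample line (placeholder vendor, product and IDs; not real output).
SAMPLE = ("<134>Jan 12 10:15:02 relay.example CEF:0|ExampleVendor|ExampleProduct|"
          "1.0|SIG-PLACEHOLDER|Policy \\| rule hit|6|msg=constructed sample")
```

An empty list from check_line(SAMPLE, "local0", "Informational") means the received line carries the facility and severity set in the profile and a well-formed CEF header.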