Cloud Syslog Forwarding

TMWS allows administrators to configure a syslog server and install a syslog forwarding tool that forwards access logs and audit logs from the TMWS cloud to your organization's syslog server.

Note:

To get audit logs from TMWS, make sure that you have installed the syslog forwarding tool version 3.4.1.5500 or later.

When receiving events, TMWS stores the events in its database and forwards syslog messages to an external syslog server in a structured format, which allows third-party application integration.

The following diagram illustrates the syslog forwarding topology for your organization.

  1. Click On or Off to enable or disable syslog forwarding.
  2. Specify the following:
    • Server address: IP address or FQDN of the syslog server.

    • Port: Port number of the syslog server.

    • Protocol: Protocol to be used to transport logs to the syslog server.

      Note:

      In this version, only UDP is supported.

    • Format: Format in which event logs are sent to the syslog server.

      Note:

      In this version, only CEF is supported.

    • CEF keys: CEF keys that you want to add in syslog messages.

      For details about the Common Event Format (CEF) and CEF keys, see Content Mapping Between TMWS Log Output and CEF Syslog Formats. The header keys are not configurable and are added to every syslog message by default. The other key names are case sensitive and must exactly match the name in the CEF KEY or Variable.

  3. Click Save.
  4. Optionally click Apply to On-Premises.

    If one or more on-premises gateways are configured for your organization, whether or not syslog forwarding is enabled on them, this step applies the settings here to all of these gateways and overrides their existing settings. To change the configuration of a specific on-premises gateway, go to Gateways, click the gateway, and configure it on the Syslog Forwarding screen.

  5. Install and register the syslog forwarding tool.
    1. Click Download the installation package to download the installation package of the syslog forwarding tool to your device.
    2. Open the installation package and install the syslog forwarding tool. For details, see Installing the Syslog Forwarding Tool.
    3. Optionally click Generate New Token.
      Important:

      A default registration token is provided. If you generate a new token, make sure to update it in the syslog forwarding tool.
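To check on the receiving syslog server that the CEF keys selected above actually arrive, and arrive with the exact case configured, the following added example (not Trend Micro code) parses one CEF line and reports missing keys. The sample message, its vendor and product strings, and the function names are constructed for illustration; a truncated datagram, which can happen over UDP, is rejected rather than parsed.

```python
import re

HEADER_KEYS = ("version", "deviceVendor", "deviceProduct", "deviceVersion",
               "deviceEventClassId", "name", "severity")
_EXT_KEY = re.compile(r"(?<!\S)([A-Za-z0-9_.\-]+)=")  # key= at a token start
_UNESC = re.compile(r"\\(.)")                          # CEF backslash escapes

def _split_header(body):
    """Split the 7 pipe-delimited header fields, honouring escaped pipes."""
    fields, cur, i = [], [], 0
    while i < len(body) and len(fields) < len(HEADER_KEYS):
        if body[i] == "\\" and body[i + 1:i + 2] in ("\\", "|"):
            i += 1                      # skip the backslash, keep the literal
            cur.append(body[i])
        elif body[i] == "|":
            fields.append("".join(cur))
            cur = []
        else:
            cur.append(body[i])
        i += 1
    return fields, body[i:]

def parse_cef(line):
    """Return (header dict, extension dict) for one syslog line carrying CEF."""
    start = line.find("CEF:")
    if start < 0:
        raise ValueError("not a CEF message")
    fields, ext = _split_header(line[start + 4:])
    if len(fields) != len(HEADER_KEYS):
        raise ValueError("truncated CEF header")
    hits = list(_EXT_KEY.finditer(ext))
    extension = {}
    for m, nxt in zip(hits, hits[1:] + [None]):
        raw = ext[m.end():nxt.start() if nxt else len(ext)].strip()
        extension[m.group(1)] = _UNESC.sub(
            lambda e: {"n": "\n", "r": "\r"}.get(e.group(1), e.group(1)), raw)
    return dict(zip(HEADER_KEYS, fields)), extension

def missing_keys(extension, expected):
    """Keys selected on the console but absent from the event (case-sensitive)."""
    return sorted(set(expected) - set(extension))

# Constructed sample payload; vendor, product and values are placeholders.
SAMPLE = ("<134>Jan 01 00:00:00 forwarder CEF:0|ExampleVendor|Example\\|Proxy|1.0|"
          "100000|Access Log|3|src=192.0.2.10 requestMethod=GET "
          "request=https://example.test/?q\\=1 msg=blocked by policy")

if __name__ == "__main__":
    print(missing_keys(parse_cef(SAMPLE)[1], ["src", "request", "Msg", "suser"]))
```
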