Configuring Syslog Forwarding

Follow these steps to configure the syslog server where the on-premises gateway forwards access logs.

When receiving events, TMWS stores the events in its database and forwards syslog messages to an external syslog server in a structured format, which allows third-party application integration.

  1. Click On or Off to enable or disable syslog forwarding.
  2. Specify the following:
    • Server address: IP address or FQDN of the syslog server.

    • Port: Port number of the syslog server.

    • Protocol: Protocol to be used to transport logs to the syslog server.


      In this version, only UDP is supported.

    • Format: Format in which event logs are sent to the syslog server.


      In this version, only CEF is supported.

    • CEF keys: CEF keys that you want to add in syslog messages.

      For details about the Common Event Format (CEF) format and CEF keys, see Content Mapping Between TMWS Log Output and CEF Syslog Formats. The header keys are not configurable and by default they are added in every syslog message. The other key names are case sensitive and should exactly match the name in the CEF KEY or Variable.

  3. Click Save.