Syslog Connector (On-premises) Configuration
Share XDR data with your syslog server by configuring the generic syslog connector.
This is a “Pre-release” feature and is not considered an official release. Please review the Pre-release Disclaimer before using the feature.
The syslog connector is a generic SIEM connector, which allows you to send XDR data to your on-premises syslog server. The connector supports multiple syslog server connections.
For syslog CEF mapping, see Syslog Content Mapping - CEF.
|
Category |
Vendor |
Associated Apps |
|---|---|---|
|
SIEM |
Not applicable |
|
- Go to Workflow and Automation > Third-Party Integration.
- Click Syslog Connector (On-premises).
- In the Syslog Connector (On-premises) screen, enable Syslog Connector (On-premises) .
-
Select the data to send to your syslog server(s).
-
Workbench alerts
-
Observed Attack Techniques
Note:You must select at least one data type.
-
- Click Connect Syslog Server.
-
In the Syslog Server Connection panel, configure the
following settings.
Setting
Description
Server address
Specify the IP address or FQDN for your syslog server.
Syslog format
Select the syslog format.
Note:Syslog Connector (On-premises) currently only supports Common Event Format (CEF).
Protocol
Select the connection protocol.
Port
Specify the port.
Default port settings:
-
SSL/TLS: 6514
-
TCP: 601
-
UDP: 514
-
- (Optional) Select Use CA certificate to upload a CA certificate to use when connecting to the syslog server.
- (Optional) If your syslog server requires authenticated connections, select Server requires client authentication to upload the client certificate.
- Click Test Connection to perform a connection test and verify settings.
- Click Connect to test and save your connection settings.
- In the Syslog Connector (On-premises) screen, click Save.
