ForcePoint : Syslog Configuration

Sending logs to a SIEM product or Syslog

System Management | TRITON RiskVision | 02-June-2016

Use the System > Logging tab to configure RiskVision to forward logs to a third-party SIEM product, syslog, or both.

SIEM

To send RiskVision incident logs to a third-party SIEM product:

  1. Toggle the Enable SIEM logging switch to ON.

  2. Enter the IP address or hostname and communication Port for your SIEM server.

  3. Select a Transport protocol (TCP or UDP).

  4. Configure which logs to send by selecting one or more Threat levels. By default, malicious and suspicious incident logs are forwarded.

  5. Select a SIEM format to use (the default is syslog/CEF):

     If you select the syslog/CEF (Arcsight) or syslog/LEEF (QRadar) format from the list, the Format string field offers a read-only display of the format that will be used.

     To modify the string, click Edit.

     If you select Custom from the list, the Format string field shows either a blank entry field or the custom string that you previously saved.

     See RiskVision SIEM/Syslog format strings for more information on creating, editing, and interpreting format strings.

  6. Click Apply to save your changes.

     If you have created a custom format string, it is saved. You can make further modifications later by selecting the Custom option in the Format string drop-down list.
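
Once forwarding is enabled, it is worth confirming on the receiving side that the events parse cleanly. The following is an added example, not taken from the Forcepoint or Seceon documentation: a small parser for the standard CEF header and extension layout, including escaped pipes and equals signs. The sample line and its vendor, product and field values are constructed placeholders, not real RiskVision output.

```python
import re

HEADER = ("version", "vendor", "product", "device_version",
          "signature_id", "name", "severity")
# key=value pairs; a value runs until the next " key=" or end of line.
_EXT = re.compile(r"(\w+)=((?:\\.|[^\\=])*?)(?=\s+\w+=|\s*$)")


def _unescape(value):
    # CEF escapes '|' (header), '=' (extension) and '\' with a backslash.
    return re.sub(r"\\([|=\\])", r"\1", value)


def parse_cef(line):
    """Parse one syslog/CEF line into a dict; raise ValueError if malformed."""
    start = line.find("CEF:")
    if start < 0:
        raise ValueError("no CEF header found")
    body, fields, cur, i = line[start + 4:], [], "", 0
    # Split the seven header fields on unescaped pipes only.
    while i < len(body) and len(fields) < len(HEADER):
        if body[i] == "\\" and i + 1 < len(body):
            cur += body[i:i + 2]  # keep the escape pair together
            i += 2
            continue
        if body[i] == "|":
            fields.append(_unescape(cur))
            cur = ""
        else:
            cur += body[i]
        i += 1
    if len(fields) < len(HEADER):
        raise ValueError("expected %d header fields, got %d"
                         % (len(HEADER), len(fields)))
    event = dict(zip(HEADER, fields))
    # Everything after the seventh pipe is the extension.
    event["extension"] = {k: _unescape(v) for k, v in _EXT.findall(body[i:])}
    return event


# Constructed sample line (placeholder values, not real RiskVision output).
SAMPLE = ("<134>Jun  2 10:15:00 sensor01 CEF:0|ExampleVendor|Example\\|Product|"
          "1.0|100|Suspicious file|7|src=10.0.0.5 dst=192.0.2.10 "
          "msg=Blocked a\\=b download cs1=x")

if __name__ == "__main__":
    print(parse_cef(SAMPLE))
```

A line that raises ValueError here usually points to a custom format string that dropped a header field or left a pipe unescaped.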

Syslog

To forward RiskVision incident logs to Syslog:

  1. Toggle the Enable syslog logging switch to ON.

  2. Configure which logs to send by selecting one or more Threat levels. By default, malicious and suspicious incident logs are forwarded.

  3. Select a Format to use (Default or Custom).

     If you select Default, the Format string field offers a read-only display of the format that will be used.

     Click Edit to modify the default format string.

     If you select Custom from the list, the Format string field shows either a blank entry field or the custom string that you previously saved.

     See RiskVision SIEM/syslog format strings for more information on creating, editing, and interpreting format strings.

  4. Click Apply to save your changes.

     If you have created a custom format string, it is saved. You can make further modifications later by selecting the Custom option in the Format string drop-down list.