Configure a Syslog Receiver for SSPM

You can configure SSPM to send log information to a syslog server, such as Splunk.
Syslog is a standard log transport mechanism that enables the aggregation of log data from different sources into a central repository for archiving. SSPM can forward logs to an external syslog server, which is also called a syslog receiver. To configure SSPM to send logs to a syslog server, you provide SSPM with the IP address of the syslog server and the port on which the syslog server receives new events.
This syslog feature requires the TLS 1.0 (or later) protocol for connections between SSPM and the external syslog server.
  1. To configure syslog monitoring, go to Settings > Directory & External Services.
  2. Click Add Syslog/API Client to create a Syslog server profile.
  3. If necessary, select Syslog Receiver as the Service Type.
  4. Enter a Name for the profile.
  5. Specify the information that SSPM needs to connect to the syslog server.
    • SERVER IP ADDRESS—IP address of the syslog server.
    • PORT—The port number on which you send syslog messages. You must use the same port number for Data Security and the syslog server.
    • FACILITY—Select a syslog standard value (for example, LOG_USER) to calculate the priority (PRI) field in your syslog server implementation. The PRI part of the syslog message represents the Facility and Severity of the message. Select the value that maps to how you use the PRI field to manage your syslog messages. Values can be LOG_USER or LOG_LOCAL0 through LOG_LOCAL7.
    • MESSAGE FORMAT—Select the syslog message format to use: BSD or IETF. Traditionally, IETF format is used over TCP or SSL.
  6. Save your changes.
  7. On the syslog server, create a self-signed SSL certificate for the server, then enable TLS in the syslog configuration and set the TLS option to peer-verify(optional-untrusted).
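The following is an added example, not code from the SSPM documentation or from Splunk, showing the receiver-side meaning of the FACILITY and MESSAGE FORMAT settings in step 5: it decodes the PRI field into facility and severity, parses both BSD (RFC 3164) and IETF (RFC 5424) messages, and handles the RFC 6587 octet-counting framing that delimits IETF messages on a TCP/TLS stream. Hostnames, timestamps and message text in the samples are constructed.

```python
"""Receiver-side decoding of SSPM syslog output (added example, not SSPM or Splunk
code): PRI -> facility/severity, BSD (RFC 3164) and IETF (RFC 5424) message
formats, and RFC 6587 octet-counting framing for TCP/TLS. Samples are constructed."""
import re

# Facility codes from RFC 5424 section 6.2.1; the FACILITY setting selects one of these.
FACILITIES = {1: "LOG_USER", **{16 + i: f"LOG_LOCAL{i}" for i in range(8)}}
SEVERITIES = ["emerg", "alert", "crit", "err", "warning", "notice", "info", "debug"]
# IETF: <PRI>VERSION TIMESTAMP HOSTNAME APP-NAME PROCID MSGID STRUCTURED-DATA [MSG]
IETF_RE = re.compile(r"^<(\d{1,3})>(\d{1,2}) (\S+) (\S+) (\S+) (\S+) (\S+) (-|(?:\[[^\]]*\])+) ?(.*)$", re.S)
# BSD: <PRI>Mmm dd hh:mm:ss HOSTNAME TAG: MSG
BSD_RE = re.compile(r"^<(\d{1,3})>([A-Z][a-z]{2} [ \d]\d \d\d:\d\d:\d\d) (\S+) (.*)$", re.S)

def decode_pri(pri: int) -> dict:
    """PRI = facility * 8 + severity; the valid range is 0..191."""
    if not 0 <= pri <= 191:
        raise ValueError(f"PRI out of range: {pri}")
    facility, severity = divmod(pri, 8)
    return {"facility": FACILITIES.get(facility, f"facility{facility}"),
            "severity": SEVERITIES[severity]}

def parse_message(raw: str) -> dict:
    """Parse one message; IETF is tried first because its VERSION digit follows the PRI."""
    m = IETF_RE.match(raw)
    if m:
        pri, _ver, _ts, host, app, _procid, _msgid, _sd, msg = m.groups()
        return {"format": "IETF", "host": host, "app": app, "msg": msg, **decode_pri(int(pri))}
    m = BSD_RE.match(raw)
    if m:
        pri, _ts, host, msg = m.groups()
        return {"format": "BSD", "host": host, "msg": msg, **decode_pri(int(pri))}
    raise ValueError(f"unrecognised syslog message: {raw[:40]!r}")

def frame_octet_counted(messages: list) -> bytes:
    """Frame messages as RFC 6587 octet-counting: 'MSG-LEN SP SYSLOG-MSG'."""
    return b"".join(f"{len(m.encode())} ".encode() + m.encode() for m in messages)

def split_octet_counted(stream: bytes) -> list:
    """Inverse of frame_octet_counted; rejects malformed or truncated frames."""
    messages = []
    while stream:
        length, sep, rest = stream.partition(b" ")
        if not sep or not length.isdigit() or len(rest) < int(length):
            raise ValueError("malformed or truncated octet-count frame")
        messages.append(rest[: int(length)].decode())
        stream = rest[int(length):]
    return messages

# Constructed samples: LOG_USER/info (PRI 14) in IETF form, LOG_LOCAL7/warning (PRI 188) in BSD form.
SAMPLE_IETF = "<14>1 2024-05-01T12:00:00Z sspm.example.internal sspm - - - Posture check failed for app 42"
SAMPLE_BSD = "<188>May  1 12:00:00 sspm-host sspm[123]: Risky third-party app detected"
```

A mismatch between the facility SSPM was configured with and the facility decoded here is the quickest sign that the FACILITY setting and the receiver's filters disagree.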