You can add an SIEM connector for syslog servers such as Kiwi Syslog Server and ArcSight Syslog Server.
Procedure
-
From the navigation pane, go to Manage > System.
The System page appears.
-
Click the SIEM connector tile.
The SIEM Connector page appears.
-
Click Add connector.
The Add A SIEM Connector page appears.
-
On the General tab, enter the following information:
-
Connector name: Enter a name for the connector.
-
Connector type: From the list, select Syslog.
-
Streaming data: From the list, select the data that you want to send to the syslog server.
-
-
Click Next.
-
On the Connector Definition tab, click Add syslog server, and then enter the syslog server IP address or hostname, port number, enable SSL, and upload the CA certificate file (optional) in .pem format.
Note
Custom ports are not allowed on the GUI due to security restrictions. Although the interface currently allows entering any port, but only the default ports are permitted:
- UDP Port 514
- TCP Port 6514
-
Click Submit.