Current view: XpoLog V7 (Latest). Available: XpoLog V6 and XpoLog V5


The Syslog forwarder can send data over Syslog either as Raw Data (as originated from the sources) or automatically converted to CEF (Common Event Format).

To send data with the Syslog (Raw Data) Forwarder:

  1. Go to Manager > Left Navigation Panel > Data > Collection Policies > Edit a collection policy > Data Forwarding.
  2. Add New Syslog Forwarder. For each forwarder, the following should be configured:
    1. Name: the name of the Syslog Forwarder.
    2. Description: the description of the Syslog Forwarder.
    3. Enabled: the Syslog Forwarder is enabled by default. Uncheck to disable it.
    4. Host: the remote host to which data should be sent.
    5. Port: the port that will be used by the Syslog Forwarder to send data.
    6. Protocol: the Syslog Forwarder can forward data over either UDP or TCP.
    7. Data Filter Query: enter a data filter query.
  3. Save the Syslog Forwarder.
  4. Data sent from the Syslog Forwarder will be sent to the configured device.

 

To send data with the Syslog (CEF Format) Forwarder:

  1. Go to Manager > Left Navigation Panel > Data > Collection Policies > Edit a collection policy > Data Forwarding.
  2. Add New CEF (Syslog) Forwarder. For each forwarder, the following should be configured:
    1. Name: the name of the Syslog Forwarder.
    2. Description: the description of the Syslog Forwarder.
    3. Enabled: the Syslog Forwarder is enabled by default. Uncheck to disable it.
    4. Host: the remote host to which data should be sent.
    5. Port: the port that will be used by the Syslog Forwarder to send data.
    6. Protocol: the Syslog Forwarder can forward data over either UDP or TCP.
    7. Data Filter Query: enter a data filter query.
  3. Advanced Settings:
    By default, if XpoLog receives data that is already in CEF format, it will include the CEF header in the CEF fields (vendor, product, version, id, name, severity and format version). Otherwise, by default, it will add the log name, server name, etc. to the CEF header it creates during forwarding.
  4. Save the Syslog Forwarder.
  5. Data sent from the Syslog Forwarder will be sent to the configured device.

Note: it is possible to configure multiple Syslog Forwarders in the same collection policy.
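
A receiver-side check for the CEF forwarder described above, as an added example that is not part of the XpoLog documentation or product: a Python parser that splits the seven CEF header fields listed under Advanced Settings, plus the extension pairs, so the data arriving on the configured host can be validated. The function names are hypothetical, and the sample line with its vendor/product values is constructed.

```python
import re

# CEF header fields in wire order (the seven fields the page lists).
HEADER_FIELDS = "format_version vendor product version id name severity".split()
KEY_RE = re.compile(r"(?:^|\s)(\w+)=")   # start of an extension key=value pair
UNESCAPE = {"n": "\n", "r": "\r"}        # any other escaped char maps to itself

def split_header(body):
    """Split the header on unescaped '|'; return (fields, extension_text)."""
    fields, cur, i = [], [], 0
    while i < len(body) and len(fields) < len(HEADER_FIELDS):
        if body[i] == "\\" and body[i + 1:i + 2] in ("|", "\\"):
            i += 1                           # escaped pipe or backslash: keep next char
            cur.append(body[i])
        elif body[i] == "|":
            fields.append("".join(cur))
            cur = []
        else:
            cur.append(body[i])
        i += 1
    if len(fields) < len(HEADER_FIELDS) and cur:
        fields.append("".join(cur))          # header sent without a trailing '|'
    return fields, body[i:]

def parse_extension(ext):
    """Parse 'k=v k2=v2' pairs; values may hold spaces and escaped '='."""
    marks = list(KEY_RE.finditer(ext))
    out = {}
    for m, nxt in zip(marks, marks[1:] + [None]):
        raw = ext[m.end():nxt.start() if nxt else len(ext)]
        out[m.group(1)] = re.sub(
            r"\\(.)", lambda e: UNESCAPE.get(e.group(1), e.group(1)), raw)
    return out

def parse_cef(line):
    """Return a dict for a CEF syslog line, or None for a raw (non-CEF) line."""
    start = line.find("CEF:")
    if start < 0:
        return None
    fields, ext = split_header(line[start + 4:].rstrip("\r\n"))
    if len(fields) != len(HEADER_FIELDS):
        raise ValueError("truncated CEF header: %d fields" % len(fields))
    event = dict(zip(HEADER_FIELDS, fields))
    event["syslog_prefix"] = line[:start].strip()
    event["extension"] = parse_extension(ext)
    return event

# Constructed sample line (not XpoLog output); vendor/product values are made up.
SAMPLE = (r"<134>Jan 12 10:15:02 collector01 CEF:0|ExampleVendor|Example\|Product"
          r"|1.0|100|Login failed|5|src=10.0.0.5 msg=user\=admin bad password")
```

Calling `parse_cef(SAMPLE)` returns the header fields and extension as a dict; a line from a Raw Data forwarder returns `None`, which makes it easy to tell the two forwarder types apart on the receiving side.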
