Syslog

You can configure the Syslog delivery logs. You can configure the logs to transmit the 3rd party (SIEM, integrated log analysis system, data backup system, etc).

The following items are features available in Syslog Settings.

• Adding, Modifying, and Deleting Syslog Transfer Server

Note

The logs which are not configured as logs to deliver in Settings > Agent > Log Transfer Settings, the logs will never be transferred.

Syslog Settings

The servers list to deliver Syslog. You can check the servers list.

1. Select Settings on the top of the page.
2. Select System > Syslog Settings in the left side of the page.
3. You can check the servers list for the logs delivering to Syslog.

• Add: Add the server when delivering Syslog. Click Add to add the server list where Syslog is delivered.
• Delete: Deletes the server where Syslog is delivered.
• Modify: Modifies the server where Syslog is delivered. Click the item to modify in the list.
• Server Address: The servers list to deliver Syslog.
• Port No.: The server port number where Syslog is delivered.
• Protocol: The server port number to be used for delivering Syslog.
• Transfer: Select the logs items to deliver. You can choose up to 5 log items among Agent Events, Software Asset Change History, Malware Warning, Scan/Real-time Scan Events, Internet Security Events, and Device Control Events.

Add Syslog Transfer Server

You can transfer the logs from the agents to the server by adding the servers to deliver Syslog. You can add the server in the following way.

1. Select Settings on the top of the page.
2. Select System > Syslog Settings in the left side of the page.
3. Click Add.
4. Enter the required information in <Add Syslog Transfer Server>.

• Server Address: Enter the server address to transfer Syslog. Enter the IP address in IPv4 or IPv6 format.
• Port No.: Port number must be between 1 to 65535.
• Protocol: Select the protocol to be used for log transfer. Use the SSL protocol when creating the communication channel for safe connection.
• Transfer: Select the logs items to deliver. You can choose up to 5 log items.

5. Click OK.

Modify Syslog Transfer Server

You can modify the server in the following way.

1. Select Settings on the top of the page.
2. Select System > Syslog Settings in the left side of the page.
3. The registered Syslog list appears.
4. Click the item to modify in the list.
5. Enter the required information in <Modify Syslog Transfer Server>.
6. Click OK.

Delete Syslog Transfer Server

You can delete the server in the following way.

1. Select Settings on the top of the page.
2. Select System > Syslog Settings in the left side of the page.
3. The registered Syslog list appears.
4. Click Delete() from the left side of the admin account, or click Delete at the top of the page.
5. Click Yes when the confirmation message pops up.