By default, SIEM integration is not used. You can enable and disable SIEM integration, and configure relevant settings (see the table below).
SIEM integration settings
| Setting | Default value | Description |
|---|---|---|
| Send events to a remote syslog server via syslog protocol | Not applied | You can enable or disable SIEM integration by selecting or clearing the check box, respectively. |
| Remove local copies for events that have been sent to a remote syslog server | Not applied | You can configure the settings for storing local copies of logs after they are sent to the SIEM server by selecting or clearing the check box. |
| Events format | Structured data | You can select one of two formats to which the application converts its events prior to sending them to the syslog server for better recognition of these events by the SIEM server. |
| Connection protocol | TCP | You can use the drop-down list to configure the connection to the main and mirror syslog servers via the UDP or TCP protocols. |
| Main syslog server connection settings | IP address: 127.0.0.1, Port: 514 | You can use the appropriate fields to configure the IP address and port used to connect to the main syslog server. You can specify the IP address only in IPv4 format. |
| Use mirror syslog server if the main server is not accessible | Not applied | You can use the check box to enable or disable the use of a mirror syslog server. |
| Mirror syslog server connection settings | IP address: 127.0.0.1, Port: 514 | You can use the appropriate fields to configure the IP address and port used to connect to the mirror syslog server. You can specify the IP address only in IPv4 format. |
To configure SIEM integration settings:
The Logs and notifications settings window opens.
The status of the Remove local copies for events that have been sent to a remote syslog server check box does not affect the settings for storing events of the security log: the application never automatically deletes security log events.
By default, the application converts them into a structured data format.
You can only specify an IP address in IPv4 format.
Specify the following settings for connecting to the mirror syslog server: Address and Port.
The Address and Port fields for the mirror syslog server cannot be edited if the Use mirror syslog server if the main server is not accessible check box is cleared.
You can only specify an IP address in IPv4 format.
The configured SIEM integration settings will be applied.
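A pre-deployment check of the settings described above, as an added example that is not part of the product or its documentation. The dictionary keys are hypothetical names for the documented settings, and the findings about loopback targets, identical main and mirror endpoints, and UDP combined with removal of local copies are general syslog considerations rather than statements from this page.

```python
import ipaddress

# Defaults from the settings table; key names are hypothetical.
PAGE_DEFAULTS = {
    "send_events": False, "remove_local_copies": False, "protocol": "TCP",
    "main_address": "127.0.0.1", "main_port": 514, "use_mirror": False,
    "mirror_address": "127.0.0.1", "mirror_port": 514,
}

def audit_siem_settings(s):
    """Return a list of findings for a dict of SIEM integration settings."""
    if not s.get("send_events"):
        return ["SIEM integration is disabled; no events are forwarded"]
    findings = []

    def check_server(label):
        address, port = s.get(label + "_address"), s.get(label + "_port")
        if not isinstance(port, int) or not 1 <= port <= 65535:
            findings.append(f"{label}: port {port!r} is outside 1-65535")
        try:
            ip = ipaddress.IPv4Address(str(address))  # the page allows IPv4 only
        except ValueError:
            findings.append(f"{label}: {address!r} is not an IPv4 address")
            return None
        if ip.is_loopback:
            findings.append(f"{label}: {ip} is loopback; events only reach this host")
        return ip, port

    if s.get("protocol") not in ("TCP", "UDP"):
        findings.append(f"protocol {s.get('protocol')!r} is not TCP or UDP")
    main = check_server("main")
    # Mirror fields are only editable (and only matter) when the check box is set.
    if s.get("use_mirror"):
        mirror = check_server("mirror")
        if mirror is not None and mirror == main:
            findings.append("mirror: same endpoint as main; no redundancy")
    # UDP has no delivery confirmation, so a removed local copy may be the only copy.
    if s.get("remove_local_copies") and s.get("protocol") == "UDP":
        findings.append("UDP with removal of local copies risks silent event loss")
    return findings

if __name__ == "__main__":
    # Constructed sample: integration enabled with every other default untouched.
    for finding in audit_siem_settings(dict(PAGE_DEFAULTS, send_events=True)):
        print(finding)
```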