The tag edr.fireeye.alerts identifies log events generated by FireEye Security Solutions.
...
Info: Instead of the Devo relay, you may opt to use tools like NXlog, Fluentd, or Logstash to collect the alert events, apply the Devo tag, and forward them securely to your Devo cloud. Learn more in Other data collection methods. Here we explain how to send events using the Devo relay.
...
- Go to Settings - Notifications.
- Check the rsyslog Event Type checkbox in the Notification Settings grid.
- Click the rsyslog column heading to open the Rsyslog Settings. Specify the following, then click Apply Settings.

Field | Value
---|---
Default format | JSON - Concise
Default delivery | Per event
Default send as | Alert

- In the Rsyslog Server Listing section, click Add Rsyslog Server, then specify the following:

Field | Value
---|---
Enabled | Yes
IP Address | <DevoRelayIP>
Delivery | Default
Notification | All Events
Format | Default
Send as | Default
Account | N/A
Protocol | TCP

- Click Update to save the new Rsyslog server.
To assign the port on the relay to which you are sending events, go to the CLI and enter the following command:

```
logging <devo_relay_ip_address> port <relay_port>
```

For example:

```
logging 111.23.4.56 port 13003
```
At this point, the events should be getting sent to the Devo relay where the correct tag is applied before being securely forwarded to your Devo domain.
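Before relying on the FireEye configuration above, it is worth confirming that the relay port accepts plain TCP and that per-event JSON records arrive one per line. The following check is an added example, not code from Devo or FireEye: it starts a loopback listener standing in for the relay's `logging ... port` endpoint, sends a constructed sample alert, and validates that every received line is exactly one JSON object. The field names in SAMPLE_EVENT are assumptions, not FireEye's schema.

```python
import json
import socket
import threading

# Constructed sample alert standing in for a "JSON - Concise" FireEye event;
# the field names are placeholders (assumed), not FireEye's actual schema.
SAMPLE_EVENT = {"alert_id": "test-0001", "severity": "minr", "msg": "relay path check"}


def start_listener(host="127.0.0.1", port=0):
    """Bind a TCP listener like the relay port and return (socket, bound_port)."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
    srv.bind((host, port))
    srv.listen(1)
    return srv, srv.getsockname()[1]


def send_events(host, port, events):
    """Deliver events over TCP as one newline-terminated JSON object each (per-event delivery)."""
    with socket.create_connection((host, port), timeout=5) as conn:
        for ev in events:
            conn.sendall((json.dumps(ev) + "\n").encode("utf-8"))


def receive_lines(srv):
    """Accept one connection and return the newline-delimited records it delivered."""
    conn, _ = srv.accept()
    with conn:
        data = b""
        while chunk := conn.recv(4096):
            data += chunk
    return [line for line in data.decode("utf-8").split("\n") if line]


def validate_per_event_json(lines):
    """Each line must parse as exactly one JSON object; return the parsed events or raise ValueError."""
    events = []
    for n, line in enumerate(lines, 1):
        obj = json.loads(line)  # raises ValueError (JSONDecodeError) on a non-JSON line
        if not isinstance(obj, dict):
            raise ValueError(f"line {n} is not a single JSON object")
        events.append(obj)
    return events


def run_loopback_check(events=(SAMPLE_EVENT,)):
    """End-to-end loopback check: listener, sender, then per-event validation."""
    srv, port = start_listener()
    result = {}
    receiver = threading.Thread(target=lambda: result.setdefault("lines", receive_lines(srv)))
    receiver.start()
    send_events("127.0.0.1", port, list(events))
    receiver.join(timeout=5)
    srv.close()
    return validate_per_event_json(result.get("lines", []))


if __name__ == "__main__":
    print(run_loopback_check())
```

Point `send_events` at the real relay IP and port from the `logging` command once the relay listener is up to confirm the TCP path from the network where the FireEye appliance sits.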