Send Audit Logs to a Syslog Server
Devo SOAR can send Syslog files directly to your log management system, such as Splunk or Sumo Logic, as they become available on an ongoing basis.
To edit the settings or start sending Syslog files to your log management system:
Navigate to Settings > Account in the left navigation and select the Syslog tab.
Click on Edit to change the default settings.
Enter the Destination IP Address or Hostname and the Destination Syslog Port of the remote management system.
Select the Syslog Message Format: RFC5424 or BSD.
To encrypt the log content over the network, select the radio button as Yes for Transport Security (TLS).
Paste the SSL Certification provided by the remote server into the text box that’s provided.
Click Save.
👍 Select Start Sending to start sending files (a green tick mark along with the text Sending will be shown against the STATUS).
Devo SOAR will start sending Syslog files as they become available.
Select Stop Sending to stop sending files at any time (a pause mark along with the text Not Sending will be shown against the STATUS).
When you save and start sending, a test message is sent to the remote Syslog server to validate the configuration of the Syslog server. If the validation is successful, a message is displayed on the screen.
Note
If the remote syslog server is restarted, you need to stop and then restart sending.
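To confirm on the receiving server that the format selected above is the one arriving (for example, when checking the test message), the following added example, which is not part of Devo's documentation, classifies a received line as RFC5424 or BSD (RFC 3164) and decodes its priority. The function names, the host name and the sample lines are constructed for illustration and do not reproduce Devo SOAR's actual output; octet-count framing (RFC 5425) is handled on the assumption that the sender may use it over TLS.

```python
import re

# RFC 5424: <PRI>VERSION TIMESTAMP HOSTNAME APP-NAME PROCID MSGID SD [MSG]
RFC5424 = re.compile(
    r"<(?P<pri>\d{1,3})>[1-9]\d? (?P<ts>\S+) (?P<host>\S+) \S+ \S+ \S+ .*", re.S)
# BSD (RFC 3164): <PRI>Mmm dd hh:mm:ss HOSTNAME TAG: MSG
BSD = re.compile(
    r"<(?P<pri>\d{1,3})>(?P<ts>[A-Z][a-z]{2} [ \d]\d \d\d:\d\d:\d\d) (?P<host>\S+) .*",
    re.S)
SEVERITIES = ("emerg", "alert", "crit", "err", "warning", "notice", "info", "debug")


def strip_octet_count(frame):
    """Drop an RFC 5425 'LEN SP' prefix if present (the length is not verified)."""
    m = re.match(r"\d+ (?=<)", frame)
    return frame[m.end():] if m else frame


def classify(frame):
    """Return the detected format plus decoded facility/severity, or 'unknown'."""
    line = strip_octet_count(frame)
    for name, pattern in (("RFC5424", RFC5424), ("BSD", BSD)):
        m = pattern.fullmatch(line)
        if not m:
            continue
        pri = int(m["pri"])
        if pri > 191:  # facility is 0-23 and severity 0-7, so PRI tops out at 23*8+7
            break
        return {"format": name, "facility": pri >> 3,
                "severity": SEVERITIES[pri & 7],
                "host": m["host"], "timestamp": m["ts"]}
    return {"format": "unknown"}


# Constructed sample lines (not captured from Devo SOAR).
SAMPLE_5424 = "<134>1 2024-01-05T10:15:02Z soar.example.com audit - - - user admin logged in"
SAMPLE_BSD = "<134>Jan  5 10:15:02 soar.example.com audit: user admin logged in"
SAMPLES = [SAMPLE_5424, SAMPLE_BSD,
           f"{len(SAMPLE_5424)} {SAMPLE_5424}",   # octet-counted frame
           "<999>1 2024-01-05T10:15:02Z h a - - - bad priority"]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(classify(sample))
```

If the result does not match the format selected in the Syslog tab, the receiver's parser and the Devo SOAR setting disagree and one of them needs to be changed.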