
Send Audit Logs to a Syslog Server

Devo SOAR can send Syslog files directly to your log management system, such as Splunk or Sumo Logic, as they become available on an ongoing basis.

To edit the settings or to start sending Syslog files to your log management system:

  1. Navigate to Settings > Account in the left navigation and select the Syslog tab.

  2. Click on Edit to change the default settings.

  3. Enter the Destination IP Address or Hostname and the Destination Syslog Port of the remote management system.

  4. Select the Syslog Message Format: RFC5424 or BSD.

  5. To encrypt the log content over the network, select Yes for Transport Security (TLS).

  6. Paste the SSL Certification provided by the remote server into the text box that’s provided.

  7. Click Save.

Select Start Sending to start sending files (a green tick mark and the text Sending appear against STATUS).
Devo SOAR will start sending Syslog files as they become available.

Select Stop Sending to stop sending files at any time (a pause mark and the text Not Sending appear against STATUS).

When you save and start sending, a test message is sent to the remote Syslog server to validate the configuration of the Syslog server. If the validation is successful, a message is displayed on the screen.

Note

If the remote syslog server is restarted, you need to stop and then restart sending.
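
On the receiving side, the test message can be used to confirm that the format arriving matches the one selected in step 4. The following is an added example, not Devo code: it classifies a received message as RFC5424 or BSD and decodes its PRI field. The sample messages, host name and function names are constructed for illustration, and the octet-count handling assumes the RFC 5425 framing for syslog over TLS, which the page does not state Devo SOAR uses.

```python
import re

# RFC 5424: <PRI>VERSION TIMESTAMP HOSTNAME APP-NAME PROCID MSGID SD [MSG]
RFC5424 = re.compile(
    r"<(?P<pri>\d{1,3})>[1-9]\d{0,2} (?:-|\d{4}-\d{2}-\d{2}T\S+) "
    r"(?P<host>\S+) \S+ \S+ \S+ .*", re.S)
# BSD (RFC 3164): <PRI>Mmm dd hh:mm:ss HOSTNAME TAG: MSG
BSD = re.compile(
    r"<(?P<pri>\d{1,3})>[A-Z][a-z]{2} [ \d]\d \d{2}:\d{2}:\d{2} "
    r"(?P<host>\S+) .*", re.S)
# Octet-counting frame ("LEN SP MSG") that RFC 5425 defines for syslog over TLS.
FRAME = re.compile(rb"(\d+) (?=<)")

# Constructed sample messages (not captured from Devo SOAR).
SAMPLE_5424 = (b"<134>1 2024-01-15T10:00:00Z soar.example audit 1234 ID47 - "
               b"user=alice action=login")
SAMPLE_BSD = b"<134>Jan 15 10:00:00 soar.example audit: user=alice action=login"


def classify_syslog(raw: bytes) -> dict:
    """Identify the format of one received message and decode its PRI field."""
    framed = FRAME.match(raw)
    if framed:  # strip the frame and check the declared length in bytes
        raw = raw[framed.end():]
        if int(framed.group(1)) != len(raw):
            raise ValueError("octet count does not match message length")
    text = raw.decode("utf-8", errors="replace").rstrip("\r\n")
    for name, pattern in (("RFC5424", RFC5424), ("BSD", BSD)):
        m = pattern.fullmatch(text)
        if m:
            pri = int(m["pri"])
            if pri > 191:  # PRI = facility * 8 + severity, facility 0-23
                raise ValueError("PRI out of range")
            return {"format": name, "facility": pri >> 3,
                    "severity": pri & 7, "host": m["host"]}
    raise ValueError("message is neither RFC5424 nor BSD syslog")


def matches_configured_format(raw: bytes, configured: str) -> bool:
    """True when the message format equals the one selected in step 4."""
    return classify_syslog(raw)["format"] == configured


if __name__ == "__main__":
    for sample in (SAMPLE_5424, SAMPLE_BSD):
        print(classify_syslog(sample))
```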