Sending Syslog Data to Your NetWatcher Sensor

Chief Executive Officer at NetWatcher
July 18, 2016

What is Syslog

Syslog is a way for network devices to send event messages to a logging server – in our case it’s the NetWatcher sensor. The Syslog protocol is supported by a wide range of devices and can be used to log different types of events.   A wide variety of devices, such as printers, routers, and firewalls across many platforms use the syslog standard. This permits the consolidation of logging data from different types of systems in a central repository.

Setting up NetWatcher to collect Syslog data

Step 1 – Get the ‘Local DNS’ name for the sensor

   Step 1.1 – Log into the Customer Portal and go to ‘Configure | My Sensors’


   Step 1.2 – Go into the sensor details page and get the ‘Local DNS’ name for the sensor


Step 2 – Login to your firewall (or any device that you want to point at the sensor) and configure it to send syslog data to the NetWatcher sensor.  Here is an example on a SonicWall firewall


How to view your firewall’s syslog data in the Customer Portal

Step 1 – Go to the ‘Advanced’ tab, choose Events, and filter on Type = “Sagan”


Step 2 – View the details of a syslog event



  1. You must tell us the type of device and IP Address of the device sending syslogs so we can enable the appropriate ruleset on the backend. This will be automated soon.
  2. TLS on Port 10514 is not supported yet. We currently only support UDP 514


How to Report Issues:

Send email to with Title: SIEM Feedback