Sending Syslog Data to Your NetWatcher Sensor

Chief Executive Officer at NetWatcher
July 18, 2016

What is Syslog

Syslog is a way for network devices to send event messages to a logging server; in our case, that server is the NetWatcher sensor. The syslog protocol is supported by a wide range of devices, such as printers, routers, and firewalls across many platforms, and can be used to log different types of events. This permits the consolidation of logging data from different types of systems in a central repository.

Setting up NetWatcher to collect Syslog data

Step 1 – Get the ‘Local DNS’ name for the sensor

   Step 1.1 – Log into the Customer Portal and go to ‘Configure | My Sensors’


   Step 1.2 – Go into the sensor details page and get the ‘Local DNS’ name for the sensor


Step 2 – Log in to your firewall (or any device that you want to point at the sensor) and configure it to send syslog data to the NetWatcher sensor. Here is an example on a SonicWall firewall:

[Screenshot: SonicWall syslog settings]

How to view your firewall’s syslog data in the Customer Portal

Step 1 – Go to the ‘Advanced’ tab, choose Events, and filter on Type = “Sagan”


Step 2 – View the details of a syslog event


FYI:

  1. You must tell us the type of device and IP Address of the device sending syslogs so we can enable the appropriate ruleset on the backend. This will be automated soon.
  2. TLS on Port 10514 is not supported yet. We currently only support UDP 514.
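
To check the path from a host to the sensor before changing a production device, the added example below (not NetWatcher code) builds a BSD-syslog (RFC 3164) message and sends it to UDP 514. The host name sensor.example.internal is a placeholder for your sensor's 'Local DNS' name, and the tag and facility are arbitrary choices.

```python
import socket
from datetime import datetime

# Placeholder: substitute the 'Local DNS' name from the sensor details page.
SENSOR_HOST = "sensor.example.internal"
SYSLOG_PORT = 514  # the only transport the page lists as supported is UDP 514

_MONTHS = ["Jan", "Feb", "Mar", "Apr", "May", "Jun",
           "Jul", "Aug", "Sep", "Oct", "Nov", "Dec"]


def build_rfc3164(msg, facility=16, severity=5, hostname=None,
                  tag="syslog-test", now=None):
    """Return one RFC 3164 datagram: <PRI>TIMESTAMP HOSTNAME TAG: MSG."""
    if not (0 <= facility <= 23 and 0 <= severity <= 7):
        raise ValueError("facility must be 0-23 and severity 0-7")
    pri = facility * 8 + severity          # local0.notice -> 133
    now = now or datetime.now()
    # RFC 3164 timestamp is 'Mmm dd hh:mm:ss' with a space-padded day.
    stamp = f"{_MONTHS[now.month - 1]} {now.day:2d} {now:%H:%M:%S}"
    host = hostname or socket.gethostname().split(".")[0]
    # Collapse newlines and runs of whitespace so the text stays a single record.
    clean = " ".join(msg.split())
    packet = f"<{pri}>{stamp} {host} {tag}: {clean}".encode("ascii", "replace")
    return packet[:1024]                   # RFC 3164 limits a packet to 1024 bytes


def send_test(msg, host=SENSOR_HOST, port=SYSLOG_PORT):
    """Send one test message; returns the number of bytes handed to the OS."""
    packet = build_rfc3164(msg)
    # Resolve first so a mistyped sensor name raises instead of failing silently.
    family, socktype, proto, _, addr = socket.getaddrinfo(
        host, port, type=socket.SOCK_DGRAM)[0]
    with socket.socket(family, socktype, proto) as sock:
        # UDP is unacknowledged: a successful send does not prove delivery.
        return sock.sendto(packet, addr)


if __name__ == "__main__":
    print(send_test("NetWatcher syslog path test"))
```

Because UDP gives no delivery confirmation, confirm receipt by looking for the message in the portal's Events view; whether a test message from an unregistered device appears depends on the ruleset enabled for the sending IP.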

How to Report Issues:

Send email to info@netwatcher.com with Title: SIEM Feedback
