
Syslog Integration

Purpose

This document gives a technical overview of the Syslog integration and its role in asset monitoring. It describes the configuration process and the available parameters so that an organization can set the integration up precisely and forward platform events to its own log collection and analysis tooling.

Description

Syslog, short for System Logging Protocol, is a standardized protocol (RFC 5424 [1], with the older BSD format of RFC 3164 still widely used) for sending and receiving log and event messages across a network. It is a cornerstone of IT operations and security: log data generated by devices, applications and systems across an organization's infrastructure is collected, stored and analyzed in one place.

Here is an overview of what Syslog is and what Syslog integration can do:

  • Centralized Log Management: Syslog integration enables organizations to centralize the collection of log and event data from a wide range of sources, including servers, routers, switches, firewalls, and applications. This centralization streamlines the monitoring and analysis of log information, making it easier to identify issues and security threats.

  • Real-time Monitoring: Syslog allows for real-time monitoring of critical events and activities across the network. It provides immediate visibility into system behavior, potential security incidents, and performance anomalies. This proactive monitoring helps organizations respond swiftly to emerging issues.

  • Security and Compliance: Syslog integration is a fundamental component of security information and event management (SIEM) solutions. It assists in detecting and mitigating security breaches, intrusions, and unauthorized access attempts. Additionally, Syslog data can be crucial for compliance with industry regulations and standards, as it provides an audit trail of system activities.

  • Troubleshooting and Diagnostics: Syslog logs offer a valuable resource for troubleshooting and diagnostics. When issues arise, administrators can analyze Syslog data to pinpoint the root causes, track changes, and resolve problems efficiently.

  • Alerting and Notifications: Organizations can configure Syslog integration to generate alerts and notifications based on predefined criteria. This feature ensures that administrators are promptly informed of critical events, enabling them to take immediate action.

  • Historical Analysis: Syslog data can be retained for historical analysis. By analyzing historical logs, organizations can identify patterns, trends, and recurring issues, helping them make informed decisions regarding system improvements and optimizations.

  • Integration with Third-party Tools: Syslog can be seamlessly integrated with various security and monitoring tools, enabling organizations to extend their capabilities and enhance their incident response procedures.

  • Scalability: Syslog integration scales easily to accommodate the growing volume of log data generated by expanding IT infrastructures. It ensures that organizations can continue to effectively manage and monitor their systems as they grow.

About the Solution

This integration lets the platform forward events to an external Syslog server for centralized monitoring and analysis. Events are only sent when a notification rule targets the integration: the notification settings define which events or thresholds trigger a message and which integration receives it. For detailed guidance on configuring these rules, refer to Notifications Settings.

Add a Syslog Integration

To add a new integration, follow these steps:

  1. Click on the green (plus) button located in the lower-right corner of the browser window.

  2. Select the desired integration configuration type from the drop-down menu.

  3. Fill in the necessary parameters as described in the Integration Fields Overview section.

  4. Click Add to finish the integration.

Integration Fields Overview

[Screenshot: Add Integration dialog for the Syslog integration (Portal_Integration_Syslog_Add_Integration.png)]

Option

Description

Integration

The selected integration type determines the available fields, which vary based on the chosen integration.

Name*

Descriptive name of the integration.

Host*

Hostname or IP address of the remote syslog server (collector) that will receive the events.

Format

Specifies the structure used to format and transmit event messages. Choose the format your collector is configured to parse; a mismatch usually shows up as messages that arrive but are parsed into the wrong fields.

Facility*

Categorizes log messages by the source or type of the logging process. Facility codes come from the original UNIX syslog implementations, where they distinguished the components of the system (kernel, mail, cron, and so on); the numeric code identifies the type of program that is logging the message. A common choice for an external platform is one of the local0-local7 facilities, which are reserved for local use and let the collector route and filter these events separately from the host's own logs.

See the Facility section for the available values.

Severity

Specifies the level of importance or urgency of a log message, aiding in the categorization and prioritization of events. The numeric codes below are those of RFC 5424; 0 is the most urgent. Together with the facility, the severity forms the PRI field at the start of every message (PRI = facility × 8 + severity), which is what collectors filter and route on, so pick the value your collector's rules expect.

  • 0 Emergency: system is unusable

  • 1 Alert: action must be taken immediately

  • 2 Critical

  • 3 Error

  • 4 Warning

  • 5 Notice

  • 6 Informational

  • 7 Debug

Transport type

Determines the protocol used to carry log messages from the platform to the syslog server or collector.

  • TCP: connection-oriented transport with transport-layer delivery confirmation. TCP syslog senders frame each message (RFC 6587 octet counting or newline delimiting), so check which framing your collector expects. Only this transport can be protected with TLS.

  • UDP: the traditional syslog transport, one datagram per message. It is fire-and-forget: lost or truncated datagrams are not retransmitted, and the data is sent in plaintext. Use it only on trusted networks where occasional loss is acceptable.

Port*

Network port on the syslog server that receives the messages. The conventional ports are 514 for UDP (and, by convention, plain TCP) and 6514 for syslog over TLS (RFC 5425); use whatever port your collector actually listens on and make sure any firewall between the platform and the collector permits it.

TLS

Determines whether the TCP connection is encrypted with TLS. This option is only available when TCP is the chosen transport type; UDP syslog has no TLS option. Without TLS, event contents cross the network in plaintext and can be read or altered in transit, so enable it whenever the collector is reachable over a network you do not fully trust.

Upload certificate

Certificate used to authenticate and secure the TLS connection between the platform and the syslog server, typically the server's certificate or the CA certificate that issued it (self-signed certificates are common in internal deployments). This option is only available when TLS is enabled. Keep it in sync with the collector: a rotated or re-issued server certificate that no longer chains to the uploaded one will not validate.

*) Mandatory
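The Transport type, Port and TLS options above describe what happens on the wire. The following Python example, added here and not part of the Outpost24 documentation or product, shows how a syslog sender frames messages for UDP and TCP, how the TCP path is wrapped in TLS with server-certificate verification, and why a newline inside a message matters for the two TCP framings. The sample message, host names and ports are constructed; the `cafile` argument stands in for the role the "Upload certificate" option plays for the product and is an assumption about that option, not a description of it.

```python
"""Syslog transport behaviour: UDP datagrams, TCP framing (RFC 6587), TLS wrapping.

Added example, not Outpost24 code. SAMPLE, the host names and the ports are
constructed for illustration.
"""
import socket
import ssl
import threading

# Constructed RFC 5424 line; PRI 134 = local0 (16*8) + informational (6).
SAMPLE = "<134>1 2024-05-06T07:08:09Z scanner01 outscan - finding - constructed example"


def frame_octet_counting(msg: str) -> bytes:
    """RFC 6587 octet counting: 'MSG-LEN SP MSG'. The length prefix lets the
    receiver delimit messages unambiguously, even when MSG contains newlines."""
    data = msg.encode("utf-8")
    return f"{len(data)} ".encode("ascii") + data


def frame_non_transparent(msg: str) -> bytes:
    """RFC 6587 non-transparent framing: newline terminated. A newline inside the
    message would be read as a message boundary, so it is replaced here."""
    return msg.replace("\n", " ").encode("utf-8") + b"\n"


def parse_octet_counted(stream: bytes) -> list:
    """Split a received byte stream of octet-counted frames back into messages."""
    out, i = [], 0
    while i < len(stream):
        sp = stream.index(b" ", i)
        length = int(stream[i:sp])
        start = sp + 1
        out.append(stream[start:start + length].decode("utf-8"))
        i = start + length
    return out


def send_udp(host: str, port: int, msgs: list) -> None:
    """UDP: one datagram per message, no framing, no delivery guarantee, no TLS."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        for m in msgs:
            s.sendto(m.encode("utf-8"), (host, port))


def send_tcp(host: str, port: int, msgs: list, cafile: str = None) -> None:
    """TCP with octet-counting framing. If cafile (assumed: path to the server's
    certificate or its issuing CA, PEM) is given, the stream is wrapped in TLS and
    the server certificate is verified against that file and the host name."""
    sock = socket.create_connection((host, port), timeout=5)
    if cafile:
        ctx = ssl.create_default_context(ssl.Purpose.SERVER_AUTH, cafile=cafile)
        sock = ctx.wrap_socket(sock, server_hostname=host)
    with sock:
        for m in msgs:
            sock.sendall(frame_octet_counting(m))


def loopback_roundtrip(msgs: list) -> list:
    """Start a throwaway plain-TCP receiver on 127.0.0.1, send msgs with send_tcp
    and return what arrived, decoded with parse_octet_counted."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind(("127.0.0.1", 0))
    srv.listen(1)
    port = srv.getsockname()[1]
    received = bytearray()

    def accept() -> None:
        conn, _ = srv.accept()
        with conn:
            while chunk := conn.recv(4096):
                received.extend(chunk)

    t = threading.Thread(target=accept)
    t.start()
    send_tcp("127.0.0.1", port, msgs)
    t.join(timeout=5)
    srv.close()
    return parse_octet_counted(bytes(received))


if __name__ == "__main__":
    print(loopback_roundtrip([SAMPLE, "second constructed message"]))
```

The loopback path is plain TCP so that it runs anywhere; to exercise the TLS branch, point `cafile` at the certificate of a collector that listens with TLS (for example on 6514) and pass its real host name, since `server_hostname` is what the certificate is checked against.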

Facility

Facility and Severity values are not normative but often used. They are described in the following tables for purely informational purposes. Facility values MUST be in the range of 0 to 23 inclusive. [1] The codes below match RFC 5424 section 6.2.1; the keywords are the conventional names used by syslog implementations.

Facility Code   Keyword         Description
0               kern            Kernel messages
1               user            User-level messages
2               mail            Mail system
3               daemon          System daemons
4               auth            Security/authentication messages
5               syslog          Messages generated internally by syslogd
6               lpr             Line printer subsystem
7               news            Network news subsystem
8               uucp            UUCP subsystem
9               cron            Cron subsystem
10              authpriv        Security/authentication messages
11              ftp             FTP daemon
12              ntp             NTP subsystem
13              security        Log audit
14              console         Log alert
15              solaris-cron    Scheduling daemon
16-23           local0-local7   Locally used facilities
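The Severity and Facility sections above explain the two halves of the PRI field. The following Python example, added here and not part of the Outpost24 documentation or product, turns both tables into code: it computes the PRI, builds an RFC 5424 line and a legacy RFC 3164 line, and decodes the PRI of a received line back into facility and severity keywords, rejecting out-of-range or leading-zero values the way a careful collector should. Host names, application name and message text are constructed.

```python
"""PRI = facility * 8 + severity, formatting and decoding of syslog lines.

Added example, not Outpost24 code. Host names, app name and message text are
constructed for illustration.
"""
import re
from datetime import datetime, timezone

# Facility codes from the Facility table (RFC 5424 section 6.2.1 numbering).
FACILITIES = {
    "kern": 0, "user": 1, "mail": 2, "daemon": 3, "auth": 4, "syslog": 5,
    "lpr": 6, "news": 7, "uucp": 8, "cron": 9, "authpriv": 10, "ftp": 11,
    "ntp": 12, "security": 13, "console": 14, "solaris-cron": 15,
    **{f"local{i}": 16 + i for i in range(8)},
}
# Severity codes from the Severity list; 0 is the most urgent.
SEVERITIES = {
    "emergency": 0, "alert": 1, "critical": 2, "error": 3,
    "warning": 4, "notice": 5, "informational": 6, "debug": 7,
}
FACILITY_NAMES = {v: k for k, v in FACILITIES.items()}
SEVERITY_NAMES = {v: k for k, v in SEVERITIES.items()}


def _code(table: dict, value, upper: int) -> int:
    """Accept a keyword or a raw integer and enforce the RFC range."""
    code = table[value.lower()] if isinstance(value, str) else int(value)
    if not 0 <= code <= upper:
        raise ValueError(f"{value!r} outside 0..{upper}")
    return code


def pri(facility, severity) -> int:
    """PRI value: facility (0..23) * 8 + severity (0..7)."""
    return _code(FACILITIES, facility, 23) * 8 + _code(SEVERITIES, severity, 7)


def format_rfc5424(facility, severity, hostname, app_name, msg_id, msg, when=None) -> str:
    """One RFC 5424 line (version 1, NILVALUE '-' for PROCID and STRUCTURED-DATA)."""
    when = when or datetime.now(timezone.utc)
    if when.tzinfo is None:
        when = when.replace(tzinfo=timezone.utc)
    ts = when.isoformat(timespec="milliseconds").replace("+00:00", "Z")
    return f"<{pri(facility, severity)}>1 {ts} {hostname} {app_name} - {msg_id} - {msg}"


def format_rfc3164(facility, severity, hostname, tag, msg, when=None) -> str:
    """One legacy BSD line: '<PRI>Mmm dd hh:mm:ss host tag: msg' (day space-padded)."""
    when = when or datetime.now(timezone.utc)
    ts = f"{when:%b} {when.day:2d} {when:%H:%M:%S}"
    return f"<{pri(facility, severity)}>{ts} {hostname} {tag}: {msg}"


_PRI_RE = re.compile(r"^<(\d{1,3})>")


def decode_pri(line: str) -> tuple:
    """Decode the PRI of a received line into (facility, severity) keywords.

    Raises ValueError for a missing PRI, a leading zero (RFC 5424 allows none
    except for '<0>') or a value above 191 (23*8+7); a collector should treat
    such lines as malformed rather than guess."""
    m = _PRI_RE.match(line)
    if not m:
        raise ValueError("missing PRI")
    value = int(m.group(1))
    if m.group(1) != str(value):
        raise ValueError(f"PRI {m.group(1)!r} has a leading zero")
    if value > 191:
        raise ValueError(f"PRI {value} out of range (max 191)")
    return FACILITY_NAMES[value // 8], SEVERITY_NAMES[value % 8]


if __name__ == "__main__":
    line = format_rfc5424("local0", "warning", "scanner01", "outscan", "finding", "constructed")
    print(line)
    print(decode_pri(line))
```

Two things the tables alone do not make obvious: a PRI above 191 or with a leading zero is malformed rather than merely unusual, and facilities 4 (auth) and 10 (authpriv) decode to different keywords although both carry security/authentication messages, so filters should match on the code, not the description.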

Reference

  1. RFC 5424, The Syslog Protocol, https://datatracker.ietf.org/doc/html/rfc5424




Copyright

© 2024 Outpost24® All rights reserved. This document may only be redistributed unedited and unaltered. This document may be cited and referenced only if clearly crediting Outpost24® and this document as the source. Any other reproduction and redistribution in print or electronically is strictly prohibited without explicit permission.

Trademark

Outpost24® and OUTSCAN™ are trademarks of Outpost24® and its affiliated companies. All other brand names, product names or trademarks belong to their respective owners.
