Syslog Servers

To collect log events on an external server, you need to set up a Syslog Server in the system. If you do not set up a Syslog Server, the event logs are saved only on the OT Security EM platform.

To set up a Syslog Server:

  1. Under Local Settings, go to the Servers > Syslog Servers screen.

  2. Click + Add Syslog Server.

    The Syslog Servers configuration window is displayed.

  3. In the Server Name field, enter the name of a Syslog Server to be used for logging system events.

  4. In the Hostname/IP field, enter a host name or an IP address of the Syslog server.

  5. In the Port field, enter the port number on the Syslog server to which the events will be sent. (Default: 514)

  6. In the Transport field, select from the dropdown list the transport protocol to be used. Options are TCP or UDP.

  7. If you would like to send a test message to verify that the configuration was successful, click Send Test Message and check if the message has arrived. If the message did not arrive, then troubleshoot to discover the cause of the problem and correct it.

  8. Click Save.

    You can set up additional Syslog Servers by repeating the procedure described above.
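
To check on the Syslog server side whether the test message from step 7 arrived, the listener below accepts either transport (TCP or UDP) on the configured port and reports the sender. It is an added example, not part of the product or its documentation; the names parse_pri and wait_for_message are hypothetical, and it assumes the message begins with a standard syslog PRI header such as <134>, since the page does not describe the message format.

```python
import re
import selectors
import socket

PRI_RE = re.compile(rb"^<(\d{1,3})>")  # standard syslog PRI prefix, e.g. <134> (assumed)

def parse_pri(payload):
    """Return (facility, severity) from a syslog PRI header, or None if absent/invalid."""
    m = PRI_RE.match(payload)
    if not m or int(m.group(1)) > 191:  # PRI = facility * 8 + severity, max 23*8+7
        return None
    return divmod(int(m.group(1)), 8)

def wait_for_message(port=514, bind="0.0.0.0", timeout=60.0):
    """Listen on UDP and TCP together; return (transport, sender_ip, payload) or None."""
    udp = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    tcp = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    sel = selectors.DefaultSelector()
    try:
        tcp.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
        udp.bind((bind, port))
        tcp.bind((bind, port))
        tcp.listen(1)
        sel.register(udp, selectors.EVENT_READ, "UDP")
        sel.register(tcp, selectors.EVENT_READ, "TCP")
        for key, _ in sel.select(timeout):
            if key.data == "UDP":
                payload, peer = udp.recvfrom(65535)
            else:
                conn, peer = tcp.accept()
                with conn:
                    conn.settimeout(5)
                    try:
                        payload = conn.recv(65535)
                    except socket.timeout:
                        payload = b""  # connection opened but nothing was sent
            return key.data, peer[0], payload
        return None  # nothing arrived before the timeout
    finally:
        sel.close()
        udp.close()
        tcp.close()

if __name__ == "__main__":
    # Binding to 514 normally needs root; use the value from the Port field if changed.
    result = wait_for_message()
    if result is None:
        print("No message within timeout: check Hostname/IP, Port, Transport and firewalls.")
    else:
        transport, sender, payload = result
        print(f"{transport} from {sender}: PRI={parse_pri(payload)} raw={payload[:200]!r}")
```

Start the listener before clicking Send Test Message. If the transport it reports differs from the one selected in the Transport field, the message came from another sender.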