Syslog Servers

To collect log events on an external server, you need to set up a Syslog server. Without a Syslog server, the event logs are stored only on the OT Security EM platform.

To set up a Syslog server:

  1. Go to Local Settings > Servers > Syslog Servers.

  2. Click + Add Syslog Server.

    The Syslog Servers configuration window appears.

  3. In the Server Name box, type the name of a Syslog server for logging system events.

  4. In the Hostname/IP box, type a hostname or an IP address of the Syslog server.

  5. In the Port box, type the port number on the Syslog server that receives the events. (Default: 514)

  6. In the Transport drop-down box, select the transport protocol you want to use. Options are TCP or UDP.

  7. (Optional) Select the Send keep alive message every 10m0s option to check the connection at frequent intervals.

  8. (Optional) For TCP syslog, select the Allow syslog message caching option to cache events when the connection is disrupted and to send them once the connection is restored.

    Note: UDP syslog messages do not have any state awareness and may be lost if the connection is interrupted.

  9. To send a test message to verify that the configuration is successful, click Send Test Message.

    Verify that the message arrived on the Syslog server. If the message did not arrive, troubleshoot to discover the cause of the problem and rectify it.

  10. Click Save.

    You can set up additional Syslog servers by repeating this procedure.
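The following is an added example for verifying step 9 from the receiving side; it is not part of the OT Security documentation or product. It is a minimal stand-in for a Syslog server that accepts one message over UDP or TCP on the configured port (default 514, matching the page) and decodes the `<PRI>` header into facility and severity, so you can confirm the test message actually arrived and was well formed. The host, port, transport and timeout arguments, the newline-delimited TCP framing, and the sample message in the test are assumptions for this example, not values from the page.

```python
"""Minimal syslog receiver for confirming a test message arrives.

Added example, not product code. Assumes RFC 3164/5424-style messages that
begin with <PRI>, and newline-delimited framing over TCP (RFC 6587
non-transparent framing), which is the common default for TCP syslog senders.
"""
import re
import socket
import sys
from dataclasses import dataclass
from typing import Optional

# Facility and severity names from the standard syslog PRI table
# (PRI = facility * 8 + severity, 0..191).
FACILITIES = [
    "kern", "user", "mail", "daemon", "auth", "syslog", "lpr", "news",
    "uucp", "cron", "authpriv", "ftp", "ntp", "audit", "alert", "clock",
    "local0", "local1", "local2", "local3", "local4", "local5", "local6", "local7",
]
SEVERITIES = ["emerg", "alert", "crit", "err", "warning", "notice", "info", "debug"]

PRI_RE = re.compile(r"^<(\d{1,3})>(.*)$", re.DOTALL)


@dataclass
class SyslogMessage:
    facility: str
    severity: str
    body: str
    transport: str
    peer: str


def parse_syslog(raw: bytes, transport: str = "udp", peer: str = "") -> Optional[SyslogMessage]:
    """Decode the <PRI> header; return None for frames that are not syslog."""
    text = raw.decode("utf-8", errors="replace").rstrip("\r\n")
    match = PRI_RE.match(text)
    if not match:
        return None
    pri = int(match.group(1))
    if pri > 191:  # outside the valid facility/severity range
        return None
    facility, severity = divmod(pri, 8)
    return SyslogMessage(FACILITIES[facility], SEVERITIES[severity],
                         match.group(2), transport, peer)


def receive_one(host: str = "0.0.0.0", port: int = 514,
                transport: str = "udp", timeout: float = 60.0) -> Optional[SyslogMessage]:
    """Block until one message arrives (or the timeout expires) and parse it."""
    if transport == "udp":
        with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
            sock.bind((host, port))
            sock.settimeout(timeout)
            data, peer = sock.recvfrom(65535)
            return parse_syslog(data, "udp", f"{peer[0]}:{peer[1]}")

    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as sock:
        sock.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
        sock.bind((host, port))
        sock.listen(1)
        sock.settimeout(timeout)
        conn, peer = sock.accept()
        with conn:
            conn.settimeout(timeout)
            buf = b""
            # Read until the first newline: one message under newline framing.
            while b"\n" not in buf:
                chunk = conn.recv(4096)
                if not chunk:
                    break
                buf += chunk
            line = buf.split(b"\n", 1)[0]
            return parse_syslog(line, "tcp", f"{peer[0]}:{peer[1]}")


if __name__ == "__main__":
    # Usage: python receiver.py [udp|tcp] [port]   (port 514 needs privileges on Unix)
    proto = sys.argv[1] if len(sys.argv) > 1 else "udp"
    listen_port = int(sys.argv[2]) if len(sys.argv) > 2 else 514
    try:
        msg = receive_one(port=listen_port, transport=proto)
    except socket.timeout:
        sys.exit("no message received: check hostname/IP, port, transport and firewall path")
    if msg is None:
        sys.exit("a frame arrived but it did not carry a valid <PRI> header")
    print(f"[{msg.transport}] from {msg.peer}: facility={msg.facility} "
          f"severity={msg.severity} body={msg.body!r}")
```

Start the receiver on the collector host with the same port and transport you entered in the Port and Transport boxes, then click Send Test Message. A decoded line means the network path and the configuration are correct; a timeout points at the hostname/IP, port, transport mismatch or a firewall in between, which is the order in which to troubleshoot. Binding to port 514 usually requires elevated privileges, so for a quick check you can run the receiver on an unprivileged port and set the same port in the OT Security EM configuration.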