Connect OT Security to a Syslog Server

To send log events to an external server, you must set up a syslog server in OT Security.

To set up a syslog server:

  1. In the OT Security interface, go to Settings > Servers > Syslog Servers.

    The Syslog Servers page appears.

  2. Click + Add Syslog Server.

    The Syslog Servers configuration window appears.

  3. In the Server Name box, type the name of a syslog server to use for logging system events.

  4. In the Hostname/IP box, type a hostname or an IP address of the syslog server.

  5. In the Port box, type the port number on the syslog server that receives the events. The default port is 514.

  6. In the Transport drop-down box, select the transport protocol: TCP or UDP.

  7. To send a test message to check for a successful configuration, click Send Test Message, and check that the message arrived. If the message did not arrive, then troubleshoot the problem to correct it.

  8. (Optional) Select the Send keep alive message every 10m0s option to check the connection at frequent intervals.

  9. (Optional) For TCP syslog, select the Allow syslog message caching option to store events in case of a disrupted connection and to send them once the connection is restored.

    Note: UDP syslog messages do not have any state awareness and may be lost if the connection is interrupted.

  10. Click Save.

    You can set up additional syslog servers using the same procedure.
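
To confirm on the receiving host that the test message from step 7 arrived, a small listener such as the following can be run before clicking Send Test Message. This is an added example, not part of the OT Security product or its documentation. It assumes the message starts with a standard syslog `<PRI>` header and that TCP messages are newline-delimited; the function names are hypothetical.

```python
import socket
import sys

def open_listener(transport, host="0.0.0.0", port=514):
    """Bind a socket for the transport chosen in step 6 ("tcp" or "udp")."""
    kind = socket.SOCK_STREAM if transport == "tcp" else socket.SOCK_DGRAM
    sock = socket.socket(socket.AF_INET, kind)
    sock.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
    sock.bind((host, port))
    if transport == "tcp":
        sock.listen(1)
    return sock

def receive_one(sock, transport, timeout=60.0):
    """Return (sender_ip, message) for the first message; raises on timeout."""
    sock.settimeout(timeout)
    if transport == "udp":
        data, peer = sock.recvfrom(65535)
    else:
        conn, peer = sock.accept()
        with conn:
            conn.settimeout(timeout)
            data = b""
            # Assumption: newline framing. Read until newline or sender closes.
            while b"\n" not in data:
                chunk = conn.recv(4096)
                if not chunk:
                    break
                data += chunk
            data = data.split(b"\n", 1)[0]
    return peer[0], data.decode("utf-8", errors="replace").rstrip("\r\n")

def parse_pri(message):
    """Split '<PRI>rest' into (facility, severity, rest); None if PRI is invalid."""
    if not message.startswith("<") or ">" not in message[:5]:
        return None
    pri, rest = message[1:].split(">", 1)
    if not pri.isdigit() or int(pri) > 191:
        return None
    return int(pri) // 8, int(pri) % 8, rest

if __name__ == "__main__":
    # Usage: python3 listener.py [tcp|udp] [port]
    transport = sys.argv[1] if len(sys.argv) > 1 else "udp"
    port = int(sys.argv[2]) if len(sys.argv) > 2 else 514
    sender, msg = receive_one(open_listener(transport, port=port), transport)
    print(f"from {sender}: {msg!r} -> (facility, severity, text) = {parse_pri(msg)}")
```

Binding to port 514 normally requires elevated privileges on the receiving host. If `parse_pri` returns `None` for a TCP message, the sender may be using a different framing than this example assumes; the raw message is still printed for inspection.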