Trend Micro Apex Central™ is a web-based console that provides centralized management for Trend Micro products and services at the gateway, mail server, file server, and corporate desktop levels.
- Prerequisite: administrator login credentials for Trend Micro Apex Central.
Create a Remote Log Target
- Log in to your Trend Micro Apex Central.
- Go to Administration > Settings > Syslog Settings
- Select the Enable Syslog Forwarding check box.
- Configure the following settings for the server that receives the forwarded syslog messages:
A. Server address: the IP address of the forwarder.
B. Port: the port number the syslog server listens on.
Note: for Chronicle we use port 11650.
C. Protocol: select the transmission protocol (SSL/TLS, TCP, or UDP).
Note: we use UDP.
D. Format: select the log format (CEF or Apex Central Format).
Note: for Chronicle we use the CEF log format.
E. Frequency: configure how often Apex Central forwards the logs.
F. Log Type: select a log category from the Log type drop-down list:
- Security logs
- Product information
Use the Log categories list to select any additional log types to forward.
- Click Save.
Apex Central now forwards its logs to Chronicle over syslog in CEF (key-value) format.
Once the configuration is complete, validate the logs in Chronicle: a search using the regular expression ".*", or the specific hostname, lists the log source types being ingested into Chronicle. A screenshot was provided below for reference.
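As an added check on the collector side (example code written for this page, not part of the original procedure or of Trend Micro's or Chronicle's tooling), the following parses lines the way a syslog receiver on the forwarder port would get them and counts how many are well-formed Apex Central CEF events; the sample lines, hostnames and field values are constructed, and only the public CEF layout and the vendor/product strings are assumed.

```python
import re
# Constructed sample lines (NOT captured Apex Central output) as seen by a collector on port 11650.
SAMPLE_LINES = [
    "<134>Jan 01 12:00:00 apex-central-01 CEF:0|Trend Micro|Apex Central|2019|"
    "VIRUS_LOG|Virus detected|8|rt=Jan 01 2024 12:00:00 shost=LAB\\=WS17 "
    "fname=eicar.com act=Quarantine msg=Path C:\\\\Temp\\\\eicar.com",
    "<134>Jan 01 12:00:01 apex-central-01 LogType=Virus Host=WS17 Action=Clean",
]
HEADER = ["version", "vendor", "product", "device_version", "signature_id", "name", "severity"]
_EXT_KEY = re.compile(r"(?:^|\s)([^\s=\\]+)=")   # start of a key=value pair

def _unescape(value: str) -> str:
    # CEF escapes a literal | = \ with a backslash; \n and \r mean newlines.
    return re.sub(r"\\(.)", lambda m: {"n": "\n", "r": "\r"}.get(m[1], m[1]), value)

def _split_unescaped(text: str, sep: str, maxsplit: int) -> list:
    # Split on `sep` unless it is escaped; escapes stay in for _unescape().
    parts, start, i = [], 0, 0
    while i < len(text) and len(parts) < maxsplit:
        if text[i] == "\\":
            i += 2                           # skip the escaped character
        elif text[i] == sep:
            parts.append(text[start:i])
            start = i = i + 1
        else:
            i += 1
    parts.append(text[start:])
    return parts

def parse_cef(line: str) -> "dict | None":
    """Parse one syslog line; None if it carries no well-formed CEF event."""
    idx = line.find("CEF:")                  # skip the syslog PRI/timestamp/host
    parts = _split_unescaped(line[idx + 4:], "|", 7) if idx >= 0 else []
    if len(parts) != 8:                      # 7 header fields + extension
        return None
    event = dict(zip(HEADER, map(_unescape, parts[:7])))
    ext, keys = parts[7], list(_EXT_KEY.finditer(parts[7]))
    event["extension"] = {m[1]: _unescape(ext[m.end():nxt.start() if nxt else len(ext)])
                          for m, nxt in zip(keys, keys[1:] + [None])}
    return event

def check_forwarding(lines: list) -> dict:
    # A non-zero 'other' count usually means Format was left on Apex Central Format.
    counts = {"apex_central_cef": 0, "other": 0}
    for line in lines:
        ev = parse_cef(line.rstrip("\r\n"))
        ok = ev is not None and ev["vendor"] == "Trend Micro" and ev["product"] == "Apex Central"
        counts["apex_central_cef" if ok else "other"] += 1
    return counts
```

Feed the function the lines a test listener on the configured UDP port writes to disk; the sample above yields one CEF event and one line in the Apex Central Format that would not parse in a CEF-only pipeline.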