This article covers how to configure Carbon Black App Control to forward its event logs to a syslog server (the Chronicle forwarder) and how to verify that those logs are collected.
Requirements
- Admin access to Carbon Black App Control Console
Device Configuration
To configure the device:
1. Log in to the Carbon Black App Control console as an admin.
2. Click the Configuration (gear) icon and click System Configuration.
3. On the System Configuration page, click the Events tab.
4. On the Events tab, click the Edit button at the bottom of the page.
5. In the External Event Logging panel, select the Syslog Enabled check box.
6. Provide the IP address and port number of your syslog server in the Syslog Address and Syslog Port text boxes, respectively:
   - Syslog Address: <Forwarder IP>
   - Syslog Port: 11692
7. Select the output format (CEF or JSON) from the Syslog Format menu.
8. To save your configuration, click Update, and then click Yes in the confirmation dialog box.
Once the configuration is complete, validate the logs in Chronicle by searching with the regular expression ".*" (or with the specific hostname of the App Control server). The search returns the log source types that are being ingested into Chronicle. Below is a screenshot for reference.
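As an added example (not part of this article, and not Carbon Black's or Chronicle's own code), the following Python parser accepts syslog lines in either of the two output formats selectable in step 7, CEF and JSON, and produces a per-format, per-host summary, which is the same kind of check the Chronicle validation step performs. The sample lines, the hostname `cbserver`, and the CEF extension keys used in them are constructed for illustration and are not taken from a real console.

```python
"""Parse syslog lines carrying a CEF or JSON payload and summarize them per host.

Added example for validating a syslog feed; the sample lines below are
constructed, not captured from a Carbon Black App Control console.
"""
import json
import re
from typing import Any, Dict, List, Tuple

# The seven pipe-delimited CEF header fields, in order.
CEF_HEADER_FIELDS = ("cef_version", "device_vendor", "device_product",
                     "device_version", "signature_id", "name", "severity")

# Constructed sample lines (hypothetical host, signature id and extension keys).
SAMPLE_CEF = ('<13>Jan 10 12:34:56 cbserver CEF:0|Carbon Black|App Control|8.9|1234|'
              'File blocked|7|src=10.0.0.5 fname=C:\\\\tools\\\\x.exe msg=policy\\=Lockdown rt=1')
SAMPLE_JSON = '<13>Jan 10 12:34:57 cbserver {"type":"File blocked","severity":7,"src":"10.0.0.5"}'

# Optional <PRI>, optional BSD timestamp, then the originating hostname.
_HOST_RE = re.compile(r"^(?:<\d{1,3}>)?(?:\w{3}\s+\d{1,2}\s+\d{2}:\d{2}:\d{2}\s+)?(\S+)")
# A CEF extension key is a run of word characters directly followed by '=',
# at the start of the extension or after whitespace (so 'a\=b' is not a key).
_KEY_RE = re.compile(r"(?:^|\s)([A-Za-z0-9_.]+)=")
_UNESC = {"\\=": "=", "\\\\": "\\", "\\n": "\n", "\\r": "\r"}


def _split_cef_header(body: str) -> Tuple[List[str], str]:
    """Split the seven header fields, honoring the \\| and \\\\ escapes; return (fields, extension)."""
    fields: List[str] = []
    cur: List[str] = []
    i = 0
    while i < len(body) and len(fields) < 7:
        c = body[i]
        if c == "\\" and i + 1 < len(body) and body[i + 1] in "|\\":
            cur.append(body[i + 1])  # escaped pipe or backslash inside a header field
            i += 2
            continue
        if c == "|":
            fields.append("".join(cur))
            cur = []
            i += 1
            continue
        cur.append(c)
        i += 1
    if len(fields) < 7:
        raise ValueError("CEF header has fewer than 7 fields")
    return fields, body[i:]


def _unescape_ext(value: str) -> str:
    return re.sub(r"\\[=\\nr]", lambda m: _UNESC[m.group(0)], value)


def _parse_cef_extension(ext: str) -> Dict[str, str]:
    """Parse 'key=value key=value ...'; values may contain spaces and escaped '=' or '\\'."""
    out: Dict[str, str] = {}
    matches = list(_KEY_RE.finditer(ext))
    for idx, m in enumerate(matches):
        end = matches[idx + 1].start() if idx + 1 < len(matches) else len(ext)
        out[m.group(1)] = _unescape_ext(ext[m.end():end].strip())
    return out


def parse_event(line: str) -> Tuple[str, Dict[str, Any]]:
    """Return ("cef", fields) or ("json", obj) for one syslog line; raise ValueError otherwise."""
    cef_at, json_at = line.find("CEF:"), line.find("{")
    if cef_at != -1 and (json_at == -1 or cef_at < json_at):
        header, ext = _split_cef_header(line[cef_at + 4:])
        event: Dict[str, Any] = dict(zip(CEF_HEADER_FIELDS, header))
        event["extension"] = _parse_cef_extension(ext)
        return "cef", event
    if json_at != -1:
        return "json", json.loads(line[json_at:])
    raise ValueError("payload is neither CEF nor JSON")


def summarize(lines: List[str]) -> Dict[str, Any]:
    """Count events per format and per originating host; lines that fail to parse count as errors."""
    summary: Dict[str, Any] = {"cef": 0, "json": 0, "errors": 0, "hosts": {}}
    for line in lines:
        try:
            fmt, _ = parse_event(line)
        except ValueError:  # json.JSONDecodeError is a subclass of ValueError
            summary["errors"] += 1
            continue
        summary[fmt] += 1
        m = _HOST_RE.match(line)
        host = m.group(1) if m else "?"
        summary["hosts"][host] = summary["hosts"].get(host, 0) + 1
    return summary


if __name__ == "__main__":
    for sample in (SAMPLE_CEF, SAMPLE_JSON):
        print(parse_event(sample))
    print(summarize([SAMPLE_CEF, SAMPLE_JSON, "not a syslog payload"]))
```

Feed the script the lines your forwarder receives on the configured port (for example, from a file the forwarder writes or a packet capture of port 11692) and compare the `hosts` counts against the App Control server's hostname; a non-zero `errors` count, or a format that does not match the one chosen in step 7, points at a misconfigured Syslog Format or a truncated message.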