This article explains the steps to configure syslog on Varonis.
Prerequisites
- Administrator login credentials.
Configuring Varonis syslog
Configuring Syslog message forwarding
1. Log in to your Varonis UI using admin credentials.
2. In DatAdvantage, select Tools > DatAlert > Select DatAlert.
3. Now, select Configuration.
4. In Syslog Message Forwarding, set the following:
- Syslog Message IP Address: Forwarder IP Address
- Port: 11656
- Facility name: Choose a different facility.
5. Click Apply.
Configuring Syslog format
1. In DatAlert, select Alert Templates.
2. Click the green plus sign to add a new alert template.
- In Template name, select 'External system default template (CEF)'.
- In Apply to alert methods, select 'Syslog message'.
3. Click OK.
Configuring alerts for single or multiple rules
To select the Syslog alert method for a single rule:
1. From the DatAlert rules table, select the rule, then click Edit Rule. The rule editing menu appears.
2. From the left menu, select Alerts Method. The “Alert Method” window appears.
3. Select Syslog message.
4. Click OK.
To select the Syslog alert method for multiple rules:
1. From the DatAlert rules table, select the rules, then click Edit Rule. The rule editing menu appears.
2. From the left menu, select Alerts Method. The “Alert Method” window appears, and its contents are disabled for selection.
3. Click the edit icon for the Syslog message option, then click the checkbox next to Syslog message.
4. Click OK.
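To confirm on the forwarder that alerts arrive with the facility and CEF format configured above, the following added example (not part of the original article or of Varonis tooling) decodes the syslog priority and parses the CEF header and extension of one received line. It assumes the line starts with a standard syslog `<PRI>` value; the sample line and all of its field values are constructed for illustration.

```python
import re

# Syslog PRI = facility * 8 + severity; facility codes 16-23 are local0-local7.
FACILITIES = {16 + i: f"local{i}" for i in range(8)}
HEADER_KEYS = ("cef_version", "vendor", "product", "device_version",
               "signature_id", "name", "severity")
FIELD = r"((?:\\.|[^|\\])*)"  # header field: plain chars or a backslash escape
HEADER = re.compile(r"CEF:" + r"\|".join([FIELD] * 7) + r"\|(.*)$", re.S)
# Extension pair: the value runs until the next " key=" or the end of the line.
EXT = re.compile(r"(\w+)=((?:\\.|[^=\\])*?)(?=\s+\w+=|\s*$)", re.S)

def unescape(value):
    # Undo CEF backslash escapes: pipe, equals sign, backslash, newline codes.
    codes = {"n": "\n", "r": "\r"}
    return re.sub(r"\\(.)", lambda m: codes.get(m.group(1), m.group(1)), value)

def split_pri(line):
    """Return (facility, severity) from a leading <PRI>, else (None, None)."""
    m = re.match(r"<(\d{1,3})>", line)
    if not m:
        return None, None
    pri = int(m.group(1))
    return FACILITIES.get(pri >> 3, f"facility{pri >> 3}"), pri & 7

def parse_line(line):
    """Parse one received syslog line carrying a CEF payload into a dict."""
    m = HEADER.search(line)
    if not m:
        raise ValueError("no complete CEF header; check the alert template")
    event = {k: unescape(v) for k, v in zip(HEADER_KEYS, m.groups())}
    event["facility"], event["syslog_severity"] = split_pri(line)
    event["extension"] = {k: unescape(v) for k, v in EXT.findall(m.group(8))}
    return event

# Constructed sample line (not captured Varonis output); all values are invented.
SAMPLE = (r"<134>Jan 01 10:00:00 host01 CEF:0|Varonis|DatAdvantage|0.0|1001|"
          r"Abnormal access \| test rule|5|rt=Jan 01 2024 10:00:00 "
          r"suser=CORP\\jdoe msg=ratio a\=b fname=report final.docx")

if __name__ == "__main__":
    for key, value in parse_line(SAMPLE).items():
        print(f"{key}: {value}")
```

A `ValueError` from `parse_line` on a received message means the line carries no complete CEF header, which points at the alert template not being applied to the Syslog message method.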