This topic describes the steps to configure syslog on the Thycotic (Delinea) Secret Server.
Prerequisites
- Administrator login credentials.
Configuring Syslog in Thycotic (Delinea) Secret Server
1. Login to your secret server.
2. Click Administration > Actions > Configuration, and the Configuration page displays.
3. At the bottom of the page, click Edit.
4. The Application Setting page displays. Under the Syslog/CEF Logging Advanced Settings Information area, select the Enable Syslog/CEF Logging check box and enter the Syslog server.
5. Please add the below details,
Enable Syslog/CEF Log Output: Yes
Syslog/CEF Server: Forwarder IP Address
Syslog/CEF Port: 11649
Syslog/CEF Protocol: TCP
6. Click Save.
Now add the below Collector to the Config File in the Forwarder,
--------------------------
- syslog:
common:
enabled: true
data_type: THYCOTIC
data_hint:
batch_n_seconds: 10
batch_n_bytes: 1048576
tcp_address: 0.0.0.0:11649
udp_address: 0.0.0.0:11649
Once the collector is added to the Forwarder, then the logs go to the Forwarder and then to Chronicle.
Comments
0 comments
Please sign in to leave a comment.