Overview
This topic describes the steps to configure syslog on Darktrace.
Prerequisites
Administrator login credentials are required.
Configuring Syslog on Darktrace:
1. Sign into the Darktrace Interface.
2. Expand the top left menu and select Admin. A second menu appears.
3. Click the System Config option.
4. In the Alerting section, click Verify Alert Settings.
5. Set the following parameters:
- CEF Syslog Alerts: True
- CEF Syslog Server: Forwarder IP Address
- CEF Syslog Server Port: 11571
- CEF Syslog TCP Alert: True
Add the collector below to the config file on the forwarder to receive logs from Darktrace.
--------------------
- syslog:
    common:
      enabled: true
      data_type: DARKTRACE
      data_hint:
      batch_n_seconds: 10
      batch_n_bytes: 1048576
    tcp_address: 0.0.0.0:11571
    udp_address: 0.0.0.0:11571
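To confirm the forwarder is accepting CEF over TCP on port 11571 before pointing Darktrace at it, a test event can be sent from any host that can reach the forwarder. This is an added example, not part of the original page or of either vendor's tooling; the field values (TestVendor, ListenerCheck, the cef-test host name) are constructed and do not reflect Darktrace's real alert fields, and the forwarder address is supplied by you on the command line.

```python
import socket
import sys
import time

FORWARDER_PORT = 11571  # TCP port from the collector config on this page


def cef_escape_header(value):
    # CEF header fields must escape backslash and pipe
    return value.replace("\\", "\\\\").replace("|", "\\|")


def cef_escape_ext(value):
    # CEF extension values must escape backslash and '='; newlines become \n
    return (value.replace("\\", "\\\\").replace("=", "\\=")
                 .replace("\r", "").replace("\n", "\\n"))


def build_cef(vendor, product, version, class_id, name, severity, ext):
    # CEF:0|Vendor|Product|Version|Event Class ID|Name|Severity|Extension
    header = "|".join(cef_escape_header(str(f)) for f in
                      (vendor, product, version, class_id, name, severity))
    extension = " ".join(f"{k}={cef_escape_ext(str(v))}" for k, v in ext.items())
    return f"CEF:0|{header}|{extension}"


def frame_syslog(message, host="cef-test", pri=134, now=None):
    # pri 134 = facility local0 (16) * 8 + severity info (6).
    # The trailing newline delimits messages on a TCP syslog stream.
    ts = time.strftime("%b %d %H:%M:%S", time.localtime(now))
    return f"<{pri}>{ts} {host} {message}\n".encode("utf-8")


def send_test_event(forwarder_ip, port=FORWARDER_PORT, timeout=5.0):
    # Constructed test event; raises OSError if the listener is unreachable
    msg = build_cef("TestVendor", "ListenerCheck", "1.0", "test-0",
                    "Forwarder connectivity test", 1,
                    {"msg": "constructed test event, not a real alert"})
    payload = frame_syslog(msg)
    with socket.create_connection((forwarder_ip, port), timeout=timeout) as s:
        s.sendall(payload)
    return len(payload)


if __name__ == "__main__":
    print(send_test_event(sys.argv[1]), "bytes sent")
```

A refused or timed-out connection indicates the collector is not listening or a firewall is blocking port 11571. A successful send is ingested under the collector's data_type, so expect one unparsed test record.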