Overview
This topic describes the steps to configure syslog on the Bluecat DDI.
Prerequisites
Need to have Administrator login credentials.
Configuration Syslog on Bluecat DDI:
1. Sign in to the Bluecat Address Manager (BAM).
2. From the configuration drop-down menu, select a configuration.
3. Select the Servers tab. Tabs remember the page you last worked on, so select the tab again to ensure you're on the Configuration information page.
4. Under Servers, click the name of a BDDS. The Details tab for the server opens.
5. Click the server name menu and select Service Configuration.
6. From the Service Type drop-down menu, select Syslog. BAM queries the server and returns the current values for the service settings.
7. Under General, set the following parameters:
Syslog Server - Forwarder IP Address
Syslog Port - 11545
Syslog Transport - You can select TCP or UDP.
8. Click Add. The syslog server appears in the list.
9. Click Update.
Please add the below collector in the Config file in the forwarder to get logs from Proofpoint Threat Response
--------------------
- syslog:
common:
enabled: true
data_type: BLUECAT_DDI
data_hint:
batch_n_seconds: 10
batch_n_bytes: 1048576
tcp_address: 0.0.0.0:11545
udp_address: 0.0.0.0:11545
Comments
0 comments
Please sign in to leave a comment.