1. Before You Begin
Step 1: Verify the Firewall Configuration
a. In the Firewall, the following custom port and protocol must be allowed from the Device (the Cohesity cluster) to the Forwarder.
Custom Port: 21710
Protocol: TCP
c. In the Firewall, the following hosts must be allowed from the Forwarder to Chronicle.
| Connection Type | Destination | Port |
|---|---|---|
| TCP | malachiteingestion-pa.googleapis.com | 443 |
| TCP | asia-northeast1-malachiteingestion-pa.googleapis.com | 443 |
| TCP | asia-south1-malachiteingestion-pa.googleapis.com | 443 |
| TCP | asia-southeast1-malachiteingestion-pa.googleapis.com | 443 |
| TCP | australia-southeast1-malachiteingestion-pa.googleapis.com | 443 |
| TCP | europe-malachiteingestion-pa.googleapis.com | 443 |
| TCP | europe-west2-malachiteingestion-pa.googleapis.com | 443 |
| TCP | europe-west3-malachiteingestion-pa.googleapis.com | 443 |
| TCP | europe-west6-malachiteingestion-pa.googleapis.com | 443 |
| TCP | europe-west12-malachiteingestion-pa.googleapis.com | 443 |
| TCP | me-central1-malachiteingestion-pa.googleapis.com | 443 |
| TCP | me-central2-malachiteingestion-pa.googleapis.com | 443 |
| TCP | me-west1-malachiteingestion-pa.googleapis.com | 443 |
| TCP | northamerica-northeast2-malachiteingestion-pa.googleapis.com | 443 |
| TCP | accounts.google.com | 443 |
| TCP | oauth2.googleapis.com | 443 |
Step 2: Add the following collector to the Forwarder config file (indentation restored; the `tcp_address` port must match the port allowed in Step 1):
- syslog:
    common:
      enabled: true
      data_type: COHESITY
      data_hint:
      batch_n_seconds: 10
      batch_n_bytes: 1048576
    tcp_address: 0.0.0.0:21710
    udp_address: 0.0.0.0:21710
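As an added pre-flight check (example code, not part of this guide or of the Chronicle forwarder), the script below tests the two Step 1 paths: `tcp_reachable` probes the device-to-forwarder port 21710 and the forwarder-to-Chronicle hosts on 443, and `send_syslog_tcp` pushes one constructed test line the way the Cohesity registration test does. `start_capture_listener` is a hypothetical local stand-in for the forwarder's syslog collector so the script can be exercised without a real forwarder; the egress host list is a subset of the table above.

```python
import socket
import threading

FORWARDER_PORT = 21710  # collector tcp_address and the Step 1 device -> forwarder rule
EGRESS_HOSTS = [  # three of the Step 1 forwarder -> Chronicle destinations; extend as needed
    "malachiteingestion-pa.googleapis.com", "accounts.google.com", "oauth2.googleapis.com",
]
SAMPLE_EVENT = "<14>Jan  1 00:00:00 cohesity-cluster cluster_audit: constructed test event"  # constructed


def tcp_reachable(host, port, timeout=3.0):
    """True if a TCP connection to host:port completes (rule allowed and listener up)."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:
        return False


def send_syslog_tcp(host, port, line, timeout=3.0):
    """Send one newline-terminated syslog line over TCP; returns the bytes written."""
    data = line.encode("utf-8") + b"\n"
    with socket.create_connection((host, port), timeout=timeout) as sock:
        sock.sendall(data)
    return len(data)


def start_capture_listener(port=0):
    """Hypothetical local stand-in for the forwarder's syslog collector (testing only)."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind(("127.0.0.1", port))
    srv.listen(5)
    received = []
    def serve():  # accept connections until one delivers data, then stop
        while not received:
            conn, _ = srv.accept()
            with conn:
                buf = b""
                while chunk := conn.recv(4096):
                    buf += chunk
            received.extend(buf.decode("utf-8").splitlines())
        srv.close()
    thread = threading.Thread(target=serve, daemon=True)
    thread.start()
    return srv.getsockname()[1], received, thread


def preflight(forwarder_ip, forwarder_port=FORWARDER_PORT):
    """Step 1 checks: run the ingress probe from the Cohesity side, the egress probes from the forwarder host."""
    results = {f"ingress {forwarder_ip}:{forwarder_port}": tcp_reachable(forwarder_ip, forwarder_port)}
    for host in EGRESS_HOSTS:
        results[f"egress {host}:443"] = tcp_reachable(host, 443)
    return results
```

Run `preflight("<forwarder IP>")` on each side of the firewall and treat any `False` as a missing rule or a collector that is not listening.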
2. Configuring Syslog
First, to send Syslog from Cohesity, you need to register a Syslog server with Cohesity.
From Cohesity 6.6 onwards, registration can be done via the GUI.
On the Settings > Summary > Syslog Servers screen, click "+Add" and enter the required information.
IP Address/Hostname: Forwarder IP
Protocol: TCP
Port: 21710
By clicking "Stream", you can select the types of Streams.
Below are the six types of Streams:
a. cluster_audit: Cluster-related logs (user login, backup job creation, etc.)
b. cohesity_alerts: Alert-related logs (alerts issued by Cohesity)
c. dataprotection_events: Backup job-related logs (backup job execution and execution results, etc.)
d. sshd: SSH daemon-related logs (Optional)
e. api_audit: API call-related logs (Optional)
f. filesystem_audit: File server-related logs (operation logs for Cohesity View) (Optional)
Choose the Streams whose logs Cohesity should send to the Syslog server.
Click "Add"; if communication with the Syslog server succeeds, registration is complete.