SIEM
You can configure SIEM setting for reporting syslog events to the SIEM platform.
To get to the SIEM page, from the navigation pane on the left, click Settings > SIEM.
The page contains the following configuration fields:
Element | Field |
Description |
---|---|---|
1 | SIEM Server address |
Address of the SIEM system collector service. Specify a hostname where the address represents a fully qualified hostname or an IPv4 address. The default is empty. When the address is empty, the server uses its own IP as an address. |
2 | SIEM Server port |
Specifies the port of the SIEM system collector service. Specify a positive integer between 1 and 65535. The default is For more information about SIEM logging in Management, see Syslog Events to SIEM Platforms. |
3 | Syslog Protocol | Specifies the Syslog message transport protocol. Select from UDP, TCP or TLS(SSL) |
4 | Syslog Format | Specifies the Syslog message format. Select from CEF or LEEF. |
5 | TLS Certificate |
If the server mandates certificate authentication to use the TLS protocol, a TLS certificate file must be imported. After importing the certificate file, refresh the page. The certificate name and creation date are displayed. Note |
Note
Fields marked with a * red asterisk are mandatory, to be completed.
To import a TLS certificate:
a. | Click on the Import button. |
b. | An explorer window opens. Navigate to the desired certificate file to import and select it. |
c. | After importing the certificate, refresh the page. |
d. | The certificate name and creation date are displayed. The following message appears: |
To delete a certificate that was imported:
a. | Click on the Delete button. |
b. | The following message appears: |
As you make changes the Items Changed count increases. When finished making changes at the bottom of the page select to either Save Changes or Discard Changes to the original settings.
Comments
0 comments
Please sign in to leave a comment.