Use the SIEM tab to configure settings for the saving Management event logs in a SIEM.
The tab contains the following configuration fields:
|Enable SIEM events||To activate SIEM logging, select the Report to SIEM checkbox.|
|SIEM Server address|
Address of the SIEM system collector service. Specify a hostname where the address represents a fully qualified hostname or an IPv4 address.
The default is empty. When the address is empty, the server uses its own IP as an address.
|SIEM Server port|
Specifies the UDP port of the SIEM system collector service. Specify a positive integer between 1 and 65535. The default is 514.
For more information about SIEM logging in Management, see Sending Logs to SIEM in CEF Format.
To test the connection settings , click at the bottom of the screen.
|n||If the settings are valid, a verification code is displayed in Management. For example:|
The same code should appear in your SIEM system.
|n||If the settings are invalid, an error is displayed below the button.|
Please sign in to leave a comment.