Aptilo AC/SPA/MAS - Logging syslog Messages to SIEM


    Posted 07-01-2014 16:59
    We have implemented the Aptilo platform and would like help with the settings for sending syslog to our SIEM:

    Aptilo AC

    Aptilo CORE 5 - Linux ac1.wificiutada.intra 2.6.18-274.12.1.el5 #1 SMP Tue Nov 29 13:37:35 EST 2011 i686 i686 i386 GNU/Linux

    Aptilo Access Controller Version 9.1 Build 2286

    We want to send syslog from Aptilo to a remote SIEM server. How do we do it? The /etc/syslog.conf file:

    #kern.* /dev/console
    *.info;mail.none;authpriv.none;cron.none -/var/log/messages
    local0.=debug -/var/log/apc_debug
    local0.=notice -/var/log/apc_notice
    local0.=info /var/log/apc_info
    local0.=warning /var/log/apc_warning
    local0.=err /var/log/apc_error
    local0.=crit /var/log/apc_critical
    authpriv.* /var/log/secure
    mail.* /var/log/maillog
    cron.* /var/log/cron
    *.emerg *
    uucp,news.crit /var/log/spooler
    local7.* /var/log/boot.log

    Security events. What?

    Based on your experience, and taking security into account, which events provide value and should be watched or monitored on the Aptilo platform?

    Is there any protocol for this type of device, or a Log Source Type we should use for the correct settings?

    Regards and thanks,

    Diego C
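
As an added example (not part of the original post and not Aptilo's own tooling), the following evaluates the sysklogd-style selectors from the posted /etc/syslog.conf and reports where a given facility/severity is delivered once a forwarding rule is present. The last rule and the host `siem.example.internal` are constructed placeholders; `@host` is the standard sysklogd action for forwarding over UDP, and whether the appliance permits editing this file directly is an assumption.

```python
SEVERITIES = ["emerg", "alert", "crit", "err", "warning", "notice", "info", "debug"]
FACILITIES = ["kern", "user", "mail", "daemon", "auth", "syslog", "lpr", "news",
              "uucp", "cron", "authpriv", "ftp"] + [f"local{i}" for i in range(8)]

# Rules copied from the post, followed by one constructed forwarding rule.
# "siem.example.internal" is a placeholder host, not a value from the post.
CONF = """\
#kern.* /dev/console
*.info;mail.none;authpriv.none;cron.none -/var/log/messages
local0.=debug -/var/log/apc_debug
local0.=notice -/var/log/apc_notice
local0.=info /var/log/apc_info
local0.=warning /var/log/apc_warning
local0.=err /var/log/apc_error
local0.=crit /var/log/apc_critical
authpriv.* /var/log/secure
mail.* /var/log/maillog
cron.* /var/log/cron
*.emerg *
uucp,news.crit /var/log/spooler
local7.* /var/log/boot.log
local0.*;authpriv.* @siem.example.internal
"""

def parse_rule(line):
    """Return (mask, action); mask maps facility -> severities the rule matches.
    Handles '*', 'none', '=prio' and 'prio and above'; '!' negation is not handled."""
    selectors, action = line.split(None, 1)
    mask = {f: set() for f in FACILITIES}
    for sel in selectors.split(";"):
        facs, pri = sel.rsplit(".", 1)
        for fac in (FACILITIES if facs == "*" else facs.split(",")):
            if pri == "none":              # excludes the facility from this rule
                mask[fac] = set()
            elif pri == "*":               # every severity
                mask[fac] = set(SEVERITIES)
            elif pri.startswith("="):      # exactly this severity
                mask[fac].add(pri[1:])
            else:                          # this severity and anything more severe
                mask[fac].update(SEVERITIES[:SEVERITIES.index(pri) + 1])
    return mask, action.strip()

def load(conf):
    lines = (l.strip() for l in conf.splitlines())
    return [parse_rule(l) for l in lines if l and not l.startswith("#")]

def destinations(rules, facility, severity):
    """Actions that receive a message with this facility and severity."""
    return [action for mask, action in rules if severity in mask[facility]]
```

With these rules, `local0` (the facility the posted config uses for the `apc_*` files) and `authpriv` reach the SIEM, while other facilities such as `daemon` stay local unless the forwarding selector is widened.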