Aptilo AC/SPA/MAS - Logging syslog Messages to SIEM

  • Question
  • Updated 4 years ago
Hi

We have implemented the Aptilo platform and would like to get help on the settings for sending syslog to our SIEM:

 Aptilo AC

      Aptilo CORE 5 - Linux ac1.wificiutada.intra 2.6.18-274.12.1.el5 #1 SMP Tue Nov 29 13:37:35 EST 2011 i686 i686 i386 GNU/Linux

      Aptilo Access Controller Version 9.1 Build 2286

 

We want to send syslog from Aptilo to a remote SIEM server. How do we do it?

The /etc/syslog.conf file:

#kern.*                                                 /dev/console
*.info;mail.none;authpriv.none;cron.none                -/var/log/messages
local0.=debug                                           -/var/log/apc_debug
local0.=notice                                          -/var/log/apc_notice
local0.=info                                            /var/log/apc_info
local0.=warning                                         /var/log/apc_warning
local0.=err                                             /var/log/apc_error
local0.=crit                                            /var/log/apc_critical
authpriv.*                                              /var/log/secure
mail.*                                                  /var/log/maillog
cron.*                                                  /var/log/cron
*.emerg                                                 *
uucp,news.crit                                          /var/log/spooler
local7.*                                                /var/log/boot.log

 

Security events: which ones?

Based on your experience, and taking security into account, which events provide value and should we view or monitor on the Aptilo platform?

Is there a protocol for this type of device, or a Log Source Type we should use for the correct settings?

 

Regards and thanks,

Diego C


cos


Posted 4 years ago
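
An added example, not part of the original post and not Aptilo's own tooling: a small audit of the syslog.conf quoted in the question that reports which facilities have no remote destination and prints the rules that would forward them. It assumes the appliance's syslogd honours the standard sysklogd `@host` action (UDP); the host `siem.example.net` is a placeholder, and the choice of `local0` and `authpriv` as the facilities of interest is an assumption based on the posted file routing them to the apc_* files and /var/log/secure.

```python
# Added example: audit a syslog.conf for remote ("@host") forwarding.
CONF = """\
#kern.*                                  /dev/console
*.info;mail.none;authpriv.none;cron.none -/var/log/messages
local0.=debug                            -/var/log/apc_debug
local0.=notice                           -/var/log/apc_notice
local0.=info                             /var/log/apc_info
local0.=warning                          /var/log/apc_warning
local0.=err                              /var/log/apc_error
local0.=crit                             /var/log/apc_critical
authpriv.*                               /var/log/secure
mail.*                                   /var/log/maillog
cron.*                                   /var/log/cron
*.emerg                                  *
uucp,news.crit                           /var/log/spooler
local7.*                                 /var/log/boot.log
"""  # rules as posted in the question

def parse_rules(text):
    """Return (selector, action) pairs; comments and blank lines are skipped."""
    rules = []
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#"):
            selector, action = line.split(None, 1)
            rules.append((selector, action.strip()))
    return rules

def selects(selector, facility):
    """True if the selector matches the facility at any priority."""
    hit = False
    for part in selector.split(";"):          # later parts override earlier
        names, _, prio = part.partition(".")
        if names == "*" or facility in names.split(","):
            hit = prio != "none"              # "fac.none" excludes it
    return hit

def unforwarded(text, wanted):
    """Facilities in `wanted` that no rule sends to a remote '@host' action."""
    rules = parse_rules(text)
    return [f for f in wanted
            if not any(a.startswith("@") and selects(s, f) for s, a in rules)]

def forwarding_rules(facilities, siem_host):
    """syslog.conf lines that forward each facility, all priorities, over UDP."""
    return [f"{fac}.*\t@{siem_host}" for fac in facilities]

if __name__ == "__main__":
    wanted = ("local0", "authpriv")           # assumption: facilities of interest
    for line in forwarding_rules(unforwarded(CONF, wanted), "siem.example.net"):
        print(line)
```

The check ignores priority levels, so a rule such as `*.info @host` counts as covering a facility even though it would not forward debug messages.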
