
XIQ-SE Syslog configuration


ChristianK
New Contributor III

We have an active Syslog configuration.

Now the IP of the Syslog receiver will be changed.

At which point is the IP configuration of the Syslog done?

1 ACCEPTED SOLUTION

Mr. Pala is correct. You can forward syslog from SE to a third-party via Alarm actions, Control Notification rules and by making custom changes to the rsyslog configuration under-the-hood on SE itself. Those would be the three places you would have to look at.

 

Alarms & Events -> Alarm Configuration -> sort by Action -> look for any that are tied to syslog actions

Control -> Access Control -> Configuration -> Notifications -> look for any that are tied to syslog actions

/etc/rsyslog.conf under-the-hood via SSH
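As an added example (not part of the original thread and not Extreme's own tooling), this shell function lists every forwarding target defined in an rsyslog configuration file such as /etc/rsyslog.conf, so the old receiver IP can be located before it is changed. It assumes single-line rules; the function names and the sample configuration are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the thread: list rsyslog forwarding targets.
# Output columns (tab-separated): protocol, host, port, file:line

list_syslog_targets() {
  awk '
    function emit(p, h, n) { printf "%s\t%s\t%s\t%s:%d\n", p, h, n, FILENAME, FNR }
    /^[ \t]*#/ { next }                         # skip commented-out rules
    # RainerScript form on one line: action(type="omfwd" target="..." ...)
    /type="omfwd"/ {
      host = ""; port = "514"; proto = "udp"    # omfwd defaults
      if (match($0, /target="[^"]+"/))   host  = substr($0, RSTART + 8,  RLENGTH - 9)
      if (match($0, /port="[^"]+"/))     port  = substr($0, RSTART + 6,  RLENGTH - 7)
      if (match($0, /protocol="[^"]+"/)) proto = substr($0, RSTART + 10, RLENGTH - 11)
      if (host != "") emit(proto, host, port)
      next
    }
    # Legacy form: "selector @host[:port]" is UDP, "selector @@host[:port]" is TCP
    NF >= 2 && $NF ~ /^@/ {
      dest = $NF
      proto = (dest ~ /^@@/) ? "tcp" : "udp"
      sub(/^@+/, "", dest)                      # drop the @ / @@ marker
      sub(/^\([^)]*\)/, "", dest)               # drop options such as (o)
      sub(/;.*$/, "", dest)                     # drop a trailing ;template
      port = "514"
      if (match(dest, /:[0-9]+$/)) {
        port = substr(dest, RSTART + 1)
        dest = substr(dest, 1, RSTART - 1)
      }
      emit(proto, dest, port)
    }
  ' "$@"
}

# Constructed sample configuration (documentation-range addresses).
sample_config() {
  cat <<'EOF'
# constructed sample, not a real XIQ-SE file
*.* @192.0.2.10
auth.* @@198.51.100.7:6514
action(type="omfwd" target="192.0.2.20" port="1514" protocol="tcp")
#*.* @203.0.113.9
*.* /var/log/syslog
EOF
}

# Usage: sh list_targets.sh /etc/rsyslog.conf
if [ "$#" -gt 0 ]; then list_syslog_targets "$@"; fi
```

Rules created through Alarm actions or Control notifications live in the XIQ-SE GUI, so an empty result here does not mean nothing is being forwarded.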


5 REPLIES

Zdeněk_Pala
Extreme Employee

Check your alarm configuration = probably you are sending events to an external syslog server through an alarm rule.

Check NAC notifications = it is a common approach to send NAC-related events to an external syslog server.

Check the security best practices document (documentation); there are additional options for how to configure syslog export.

Regards Zdeněk Pala

My configuration was under
Control -> Access Control -> Configuration -> Notifications

Many thanks for the hint.

ChristianK
New Contributor III

We forward the logs from XIQ-SE to our SIEM solutions.

The SIEM Solutions will be changed. So I have to change the IP in the Syslog forwarding configuration.

Does this make my request more clear?
