External Logging » History » Version 1
Luke Murphey, 04/03/2010 01:03 PM
| 1 | 1 | Luke Murphey | h1. Logging to a SEIM or Log Management System |
|---|---|---|---|
| 2 | 1 | Luke Murphey | |
| 3 | 1 | Luke Murphey | NSIA can forward the logs to a SEIM (Security Event and Information Management) system such as ArcSight or to a log management such as Splunk. NSIA sends logs via the Syslog protocol and can therefore submit logs to nearly any device that accepts syslog messages. To set up logging, open the configuration page by clicking "Modify Configuration" in the web interface from the main dashboard. Look for the section titled "Logging Subsystem." The logging system has the following options: |
| 4 | 1 | Luke Murphey | |
| 5 | 1 | Luke Murphey | |
| 6 | 1 | Luke Murphey | |Option | Description | |
| 7 | 1 | Luke Murphey | |Log Format |Defines how the log messages are contructed (see below for details) | |
| 8 | 1 | Luke Murphey | |Syslog Server Address |The address to send the messages to | |
| 9 | 1 | Luke Murphey | |Syslog Log Port |The port to send the messages to | |
| 10 | 1 | Luke Murphey | |Logging Enabled |Enables or disables external logging | |
| 11 | 1 | Luke Murphey | |Transport Protocol |Determines if TCP or UDP is used | |