Forwarding Logs in Syslog Format

- Syslog messages are RFC 5424 compliant.
- If you need to limit the syslog message size, select the Limit syslog message format checkbox, and under Limit syslog message length (bytes), enter the message limit in bytes.
- If you need to add an authentication token to all the syslog messages, enter the token under Token (optional).
- You can configure TLS when using TCP transport. To define the certificate, contact Avanan Support.
- Supported certificate types:
  - CA certificate:
    - Use the CA certificate for our servers to validate the remote server that forwards events.
    - Ensure the certificate includes all necessary components: Root CA, Intermediate Certificates, and Server Certificate, all in .pem format.
    - List the certificates in the following order: Server Certificate, Intermediate Certificates, Root CA.
    - The Common Name (CN) of the server certificate must match the domain or IP address specified in the SIEM configuration.
  - Client certificate:
    - Use the Client certificate when the remote server needs to validate the client (our SIEM server) for TLS.
    - The certificate must be in .pem format and include two parts: the client certificate and the unencrypted private key.
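
A preflight check for the two .pem files described above, as an added example that is not Avanan's code: it confirms the CA bundle is ordered server, intermediates, root (each certificate issued by the next, ending in a self-issued root) and that the client file holds a certificate plus an unencrypted private key. Assumptions: the function names are hypothetical, issuer and subject Names are compared byte-wise, and signatures, validity dates and the CN match against the SIEM host are not checked.

```python
import base64
import re

PEM_BLOCK = re.compile(r"-----BEGIN ([A-Z0-9 ]+)-----(.*?)-----END \1-----", re.S)

def read_tlv(buf, pos):
    """Read one DER element at pos; return (tag, value_start, value_end)."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:  # long form: low 7 bits count the length bytes
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    return tag, pos, pos + length

def issuer_and_subject(der):
    """Return the raw DER issuer and subject Names of one certificate."""
    _, pos, _ = read_tlv(der, 0)    # step into Certificate
    _, pos, _ = read_tlv(der, pos)  # step into tbsCertificate
    fields = []
    for _ in range(6):  # [version], serial, signature, issuer, validity, subject
        tag, _, end = read_tlv(der, pos)
        fields.append((tag, der[pos:end]))
        pos = end
    if fields[0][0] == 0xA0:  # explicit [0] version, absent in v1 certificates
        fields.pop(0)
    return fields[2][1], fields[4][1]

def check_bundle_order(text):
    """Problems with a bundle that must read: server, intermediates, root."""
    names = [issuer_and_subject(base64.b64decode(body))
             for label, body in PEM_BLOCK.findall(text) if label == "CERTIFICATE"]
    problems = [] if names else ["no certificates found"]
    for i in range(len(names) - 1):
        if names[i][0] != names[i + 1][1]:  # byte-wise Name match (simplification)
            problems.append(f"certificate {i + 1} is not issued by certificate {i + 2}")
    if names and names[-1][0] != names[-1][1]:
        problems.append("last certificate is not a self-issued root")
    return problems

def check_client_pem(text):
    """Problems with a client file: needs a certificate and an unencrypted key."""
    blocks = PEM_BLOCK.findall(text)
    keys = [(label, body) for label, body in blocks if label.endswith("PRIVATE KEY")]
    problems = [] if any(l == "CERTIFICATE" for l, _ in blocks) else ["missing client certificate"]
    if not keys:
        problems.append("missing private key")
    for label, body in keys:
        if label == "ENCRYPTED PRIVATE KEY" or "Proc-Type: 4,ENCRYPTED" in body:  # PKCS#8 / legacy form
            problems.append("private key is encrypted")
    return problems
```

Both functions take the file contents as a string and return a list of problems, so an empty list means the file passed these structural checks.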