Forwarding Logs in Syslog Format

  • Syslog messages are RFC 5424 compliant.

  • If you need to limit the syslog message size, select the Limit syslog message format checkbox, and under Limit syslog message length (bytes), enter the message limit in bytes.

  • If you need to add an authentication token to all the syslog messages, enter the token under Token (optional).

  • You can configure TLS when using TCP transport. To define the certificate, contact Avanan Support.

    • Supported certificate types:

      • CA certificate:

        • Use the CA certificate for our servers to validate the remote server that forwards events.

        • Ensure the certificate includes all necessary components: Root CA, Intermediate Certificates, and Server Certificate, all in .pem format.

        • List the certificates in the following order: Server Certificate, Intermediate Certificates, Root CA.

        • The Common Name (CN) of the server certificate must match the domain or IP address specified in the SIEM configuration.

      • Client certificate:

        • Use the Client certificate when the remote server needs to validate the client (our SIEM server) for TLS.

        • The certificate must be in .pem format and include two parts: the client certificate and the unencrypted private key.
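
A pre-flight check for the client certificate file described above, as an added example that is not Avanan's own tooling: it confirms the .pem holds a certificate plus a private key and that the key is not encrypted, recognizing both the PKCS#8 "ENCRYPTED PRIVATE KEY" label and the legacy "Proc-Type: 4,ENCRYPTED" header. The function names and the sample PEM bodies are constructed for illustration.

```python
import base64
import re

# One PEM block: label, then optional RFC 1421 headers and the base64 body.
PEM_BLOCK = re.compile(r"-----BEGIN ([A-Z0-9 ]+)-----\r?\n(.*?)-----END \1-----", re.S)

def pem_blocks(text):
    """Return a list of (label, encrypted, well_formed) for each PEM block."""
    blocks = []
    for label, body in PEM_BLOCK.findall(text):
        lines = [ln.strip() for ln in body.splitlines() if ln.strip()]
        headers = [ln for ln in lines if ":" in ln]  # base64 never contains ':'
        b64 = "".join(ln for ln in lines if ":" not in ln)
        # PKCS#8 encrypted keys have their own label; legacy keys carry a Proc-Type header.
        encrypted = label == "ENCRYPTED PRIVATE KEY" or any(
            h.startswith("Proc-Type:") and "ENCRYPTED" in h for h in headers)
        try:
            der = base64.b64decode(b64, validate=True)
            # Certificates and cleartext keys are DER SEQUENCEs (first byte 0x30).
            well_formed = bool(der) and (bool(headers) or der[0] == 0x30)
        except ValueError:
            well_formed = False
        blocks.append((label, encrypted, well_formed))
    return blocks

def check_client_pem(text):
    """Return problems that break the 'certificate + unencrypted private key' rule."""
    blocks = pem_blocks(text)
    keys = [b for b in blocks if b[0].endswith("PRIVATE KEY")]
    problems = []
    if not any(b[0] == "CERTIFICATE" for b in blocks):
        problems.append("no client certificate block")
    if not keys:
        problems.append("no private key block")
    if any(encrypted for _, encrypted, _ in keys):
        problems.append("private key is encrypted")
    if not all(ok for _, _, ok in blocks):
        problems.append("a block is not valid base64-encoded DER")
    return problems

# Constructed sample input: a tiny DER SEQUENCE stands in for real certificate/key bytes.
_BODY = base64.b64encode(b"\x30\x03\x02\x01\x00").decode()
def _pem(label, headers=""):
    return f"-----BEGIN {label}-----\n{headers}{_BODY}\n-----END {label}-----\n"

GOOD = _pem("CERTIFICATE") + _pem("PRIVATE KEY")
LEGACY_ENCRYPTED = _pem("CERTIFICATE") + _pem(
    "RSA PRIVATE KEY", "Proc-Type: 4,ENCRYPTED\nDEK-Info: AES-256-CBC,00\n\n")
PKCS8_ENCRYPTED = _pem("CERTIFICATE") + _pem("ENCRYPTED PRIVATE KEY")
```

Read the real file's text and pass it to check_client_pem; an empty list means the file has the two required parts in usable form.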