Deployment of Log Exporter in SmartConsole
Starting in R81, you can configure Log Exporter directly from SmartConsole and link it to the relevant Log Servers.
| 
                                                             | Note - For advanced deployment, see Advanced Deployment of Log Exporter in CLI. | 
Procedure:
- 
                                                Create a new Log Exporter/SIEM object: - 
                                                        From the top, click Objects > More object types > Server > Log Exporter/SIEM. 
- 
                                                        In the Object Name field, enter the applicable name for the new Log Exporter. 
- 
                                                        From the left, click the General page: - 
                                                                In the Export Configuration section, select Enabled. 
- 
                                                                In the Server Configuration section: - 
                                                                        In the Target Server field, enter the IPv4 address or the FQDN of the destination server 
- 
                                                                        In the Target Port field, enter the number of the listening port on the destination server 
- 
                                                                        In the Protocol field, select the applicable protocol - UDP (default) or TCP 
 
- 
                                                                        
 
- 
                                                                
- 
                                                        From the left, click the Data Manipulation page: - 
                                                                In the Format field, select the applicable format for the exported logs: - 
                                                                        Syslog (default) 
- 
                                                                        Common Event Format (CEF) 
- 
                                                                        Log Event Extended Format (LEEF) 
- 
                                                                        Generic 
- 
                                                                        Splunk 
- 
                                                                        LogRhythm 
- 
                                                                        Json 
 
- 
                                                                        
- 
                                                                Optional: Select Aggregate log updates before export to export all logs with the full data. By default, update logs contain the data that was changed compared to the last log for the same event. 
 
- 
                                                                
- 
                                                        From the left, click the Attachments page: Log Exporter does not include attachments by default. Optional: Select the applicable options to configure the log attachments: - 
                                                                Add link to Log Details in SmartView 
- 
                                                                Add link to Log Attachment in SmartView 
- 
                                                                Add Log Attachment ID 
 
- 
                                                                
- 
                                                        Click OK. 
 
- 
                                                        
- 
                                                Configure the Management Server or Dedicated Log Server / SmartEvent Server object: - 
                                                        From the left navigation panel, click Gateways & Servers. 
- 
                                                        Open the Management Server or Dedicated Log Server / SmartEvent Server object. 
- 
                                                        From the left tree, click Logs > Export. 
- 
                                                        Click [+] and select the Log Exporter / SIEM object you configured earlier. 
- 
                                                        Click OK. 
 
- 
                                                        
- 
                                                Install the database: - 
                                                        From the top, click > Install database. 
- 
                                                        Select all objects. 
- 
                                                        Click Install. 
   Important in a Multi-Domain Server environment - If you configured Log Exporter object(s) in the Global Domain and assigned Global Policy, you must install the database in SmartConsole connected to the applicable Domain Management Server. 
- 
                                                        
After you upgrade a Management Server / Log Server / SmartEvent Server to a new version, you must:
- 
                                                    In SmartConsole, from the top, click > Install database. 
- 
                                                    Select all objects. 
- 
                                                    Click Install. 
| 
                                                                 | Note - During an upgrade to R81.20 and higher, the Log Exporter configuration is part of the upgrade. | 
 
                                            