Syslog export
Tip
BlastShield™ supports exporting the system event log and extended access logs in syslog format to an external collector. When enabled, the Orchestrator will export the syslog to the nominated external server.
Syslog UDP packets will be sent to port 514 (514 is the default port) of the receiving server and the format may be configured as human readable, comma separated, or both. the syslog UDP port may be changed if required. All syslog packets are sent from the Orchestrator.
The receiving server may be external to the BlastShield™ Network or inside the protected overlay network, which is recommended if the syslog server is hosted in the cloud. In the latter case you can install a Host Agent on the syslog server and an implicit Policy will be automatically created in the Orchestrator for the syslog packets.
Configuring syslog
Syslog export is configured on the Orchestrator. To learn how to configure the syslog export, watch the followiing video or read the steps below.
Log in to the Orchestrator as the Administrator user.
Go to the Settings menu on the left hand side and choose Network.
Go to the Syslog Settings window.
In the Remote Syslog Server box, enter the IP address of the device which will receive the syslog packets.
In the Format box, select the syslog export format (Human Readable, Comma Separated, or Both).
Click Save Changes.
If your syslog application requires the address that is sending the syslog messages, then use the IP address of the BlastShield™ Orchestrator. If your syslog application is in the BlastShield protected network, then use the Orchestrator overlay IP address.