Configure Log Forwarding

  1. To activate and configure the Log Forwarding app, ensure you have the Cortex Data Lake role in the Customer Support Portal.
    For more information, see About Roles in the Cortex Hub Getting Started Guide.
  2. Add a Log Forwarding App Instance.
    Before you can use the Log Forwarding app, you must activate it. You can then add a Log Forwarding app instance to the Cortex Hub for each instance of the Cortex Data Lake you have purchased. Each instance of the Log Forwarding app can forward logs to a single destination and is associated with only one instance of the Cortex Data Lake.
  3. Forward Logs from the Cortex Data Lake to a Syslog Server.
    When you configure the Log Forwarding app, you can choose the Log Types you want to forward. To forward Cortex XDR™ – Analytics logs, forward Magnifier alert logs.
