Integrate a Syslog Receiver
If you want to send Cortex XDR notifications to a Syslog receiver, you can set up log forwarding to the receiver.
To send Cortex XDR notifications to your Syslog server, you need to define the settings for the Syslog receiver to which you want to send notifications.
- Before you define the Syslog settings, enable access to the Cortex XDR log forwarding IP addresses for your deployment region in your firewall configurations. The addresses are listed per region:
  - United States - Americas (US)
  - Germany - Europe (EU)
  - Netherlands - Europe (EU)
  - United Kingdom (UK)
  - United States - Government
- Select Settings > Configurations > Integrations > External Applications.
- In Syslog Servers, add a + New Server.
- Define the Syslog server parameters:
  - Name—Unique name for the server profile.
  - Destination—IP address or fully qualified domain name (FQDN) of the Syslog server.
  - Port—The port number on which to send Syslog messages.
  - Protocol—Select a method of communication with the Syslog server:
    - TCP—No validation is made on the connection with the Syslog server. However, if an error occurs with the domain used to make the connection, the Test connection fails.
    - UDP—Cortex XDR runs a validation to ensure that a connection was made with the Syslog server.
    - TCP + SSL—Cortex XDR validates the Syslog server certificate and uses the certificate signature and public key to encrypt the data sent over the connection.
  - Certificate—The communication between Cortex XDR and the Syslog destination can use TLS. In this case, upon connection, Cortex XDR validates that the Syslog receiver has a certificate signed by either a trusted root CA or a self-signed certificate. You may need to merge the Root and Intermediate certificates if you receive a certificate error when using a public certificate. Up to TLS 1.2 is supported. If your Syslog receiver uses a self-signed CA, Browse and upload your self-signed Syslog receiver CA. Make sure the self-signed CA includes your public key. If you only use a trusted root CA, leave the Certificate field empty.
  - Ignore Certificate Error—Cortex XDR does not recommend this option, but you can select it to ignore certificate errors if they occur. Alerts and logs are then forwarded even if the certificate contains errors.
- Test the parameters to ensure a valid connection and Create when ready. You can define up to five Syslog servers. Upon success, the table displays the Syslog servers and their status.
- (Optional) Manage your Syslog server connection. In the Syslog Servers table:
  - Locate your Syslog server and right-click to Send text message to test the connection. Cortex XDR sends a message to the defined Syslog server, which you can check to confirm that the test message arrived. If the message doesn't arrive, Cortex XDR displays an error. View the error details and suggested solutions in Syslog Server Test Message Errors.
  - Locate the Status field. The Status field displays a Valid or Invalid TCP connection. Cortex XDR tests the connection with the Syslog server every 10 minutes. If no connection is found after 1 hour, Cortex XDR sends a notice to the notification center.
- After you integrate with your Syslog receiver, you can configure your forwarding settings.
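As an added pre-flight check (example code, not from the Cortex XDR documentation or product), this Python script reproduces from the sender's side the certificate postures that the Protocol, Certificate and Ignore Certificate Error settings above describe, and handshakes with your receiver so you can see a chain or hostname error before pressing Test. The host, port and CA file path are placeholders you supply.

```python
import socket
import ssl

# Added example, not Cortex XDR product code: emulate from the sender's side the
# validation the console performs for a "TCP + SSL" Syslog server, so the receiver
# can be checked before pressing Test. The TLS cap follows the page ("Up to
# TLS 1.2 is supported"); host, port and CA file are your own values.


def build_tls_context(ca_file=None, ignore_cert_errors=False):
    """Map the Certificate / Ignore Certificate Error settings to TLS behaviour.

    ca_file=None       -> Certificate field left empty: trust OS root CAs only
    ca_file="ca.pem"   -> uploaded self-signed receiver CA (PEM bundle)
    ignore_cert_errors -> the not-recommended option: no chain or hostname check
    """
    ctx = ssl.create_default_context(ssl.Purpose.SERVER_AUTH, cafile=ca_file)
    ctx.maximum_version = ssl.TLSVersion.TLSv1_2
    if ignore_cert_errors:
        ctx.check_hostname = False  # must be cleared before CERT_NONE
        ctx.verify_mode = ssl.CERT_NONE
    return ctx


def context_summary(ctx):
    """What the context will (or will not) enforce, for a pre-flight printout."""
    return {"verify": "required" if ctx.verify_mode == ssl.CERT_REQUIRED else "none",
            "hostname_check": ctx.check_hostname,
            "max_tls": ctx.maximum_version.name}


def probe_receiver(host, port, ctx, timeout=5.0):
    """Handshake with the receiver and report what the sender would see."""
    try:
        with socket.create_connection((host, port), timeout=timeout) as sock:
            with ctx.wrap_socket(sock, server_hostname=host) as tls:
                subject = dict(x[0] for x in tls.getpeercert().get("subject", ()))
                return {"ok": True, "tls_version": tls.version(), "subject": subject}
    except ssl.SSLCertVerificationError as e:
        msg = getattr(e, "verify_message", None) or str(e)
        # OpenSSL's "unable to get local issuer certificate" usually means the
        # receiver serves only its leaf: merge the Root and Intermediate certificates
        # into the chain it presents (the caveat the console documents).
        hint = "merge root + intermediate" if "local issuer" in msg else ""
        return {"ok": False, "error": msg, "hint": hint}
    except OSError as e:  # refused, timed out, or non-certificate TLS failure
        return {"ok": False, "error": str(e), "hint": ""}
```

Run `probe_receiver("syslog.example.internal", 6514, build_tls_context("receiver-ca.pem"))` against your own receiver; an `ok: False` result with a hint reproduces the error the console's Test would show.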