1. Home
    2. Cortex
    3. Cortex XDR
    4. Cortex XDR™ Pro Administrator’s Guide
    5. External Data Ingestion
    6. Additional Log Ingestion Methods for Cortex XDR
    7. Ingest Logs from a Syslog Receiver

    Ingest Logs from a Syslog Receiver

    To extend visibility, Cortex XDR can receive Syslog from additional vendors that use CEF or LEEF formatted over Syslog (TLS not supported).
    Ingesting logs and data requires a Cortex XDR Pro per TB license.
    Cortex XDR can receive Syslog from a variety of supported vendors (see External Data Ingestion Vendor Support). In addition, Cortex XDR can receive Syslog from additional vendors that use CEF or LEEF formatted over Syslog (TLS not supported).
    After Cortex XDR begins receiving logs from the third-party source, Cortex XDR automatically parses the logs in LEEF format and creates a dataset with the name
    <vendor>
    _
    <product>
    _raw
    . You can then use XQL Search queries to view logs and create new IOC or BIOC rules.
    To receive Syslog from an external source:
    1. Set up your Syslog receiver to forward logs.
    2. Activate the Syslog Collector applet on a Broker VM within your network.
    3. Use the XQL Search to search your logs.

    Recommended For You

    Recommended Videos

    Recommended videos not found.

    © 2021 Palo Alto Networks, Inc. All rights reserved.

    Techdocs Logo