Configure Syslog Monitoring on SaaS Security API

Use these steps to configure a syslog server profile on SaaS Security API.
SaaS Security API supports the following log types:
  • Incidents log
  • Policy Violation log
  • Remediation log
  • Activity Monitoring log
  • Admin Audit log
  1. Select
    External Service
  2. Click
    Add a Syslog Receiver
    to create a Syslog server profile.
    You can add only external service — forward logs to a syslog receiver or Add Cloud Apps to SaaS Security API.
  3. Enter a
    for the profile.
  4. Add
    the information SaaS Security API requires to connect to it:
    • Name
      —Unique name for the server profile.
    • Server IP
      —IP address of the syslog server.
    • Port
      —The port number on which you send syslog messages. You must use the same port number for SaaS Security API and the syslog server.
    • Facility
      —Select a syslog standard value (for example,
      ) to calculate the priority (PRI) field in your syslog server implementation. The PRI part of the syslog message represents the Facility and Severity of the message. Select the value that maps to how you use the PRI field to manage your syslog messages. Values can be
      . There is no default.
    • Message format
      —Select the syslog message format to use:
      (the default) or
      . Traditionally,
      format is used over TCP or SSL.
  5. Save your changes.
  6. On the Syslog server, self-sign your server and create the SSL certificate, then enable TLS in the syslog configuration, setting the TLS option to
    TCP is required as the reliable transport.
  7. (
    ) To customize the format of syslog messages that the SaaS Security service sends, select the
    Custom Log Format
    • Select a
      Log Type
      to create a custom format.
    • The
      Custom Log Format
      tab supports escaping any characters defined as special characters. For instance, to use a backslash to escape the backslash and equal characters, select Escaping, specify \=as the
      Escaped Characters
      and \as the
      Escape Character
    • Click
      to save your changes.
  8. Click
    to save the server profile.

Recommended For You