Sending logs to an SIEM product or syslog
52040 | System Management | TRITON RiskVision | 24-Sep-2015
Use the System > Logging tab to configure RiskVision to forward logs to a third-party SIEM product, syslog, or both.
SIEM
To send RiskVision incident logs to a third-party SIEM product:
1. Toggle the Enable SIEM logging switch to ON.
2. Enter the IP address or hostname and communication Port for your SIEM server.
3. Select a Transport protocol (TCP or UDP).
4. Configure which logs to send by selecting one or more Threat levels. By default, malicious and suspicious incident logs are forwarded.
5. Select an SIEM format to use (the default is syslog/CEF):
   * If you select the syslog/CEF (Arcsight) or syslog/LEEF (QRadar) format from the list, the Format string field offers a read-only display of the format that will be used. To modify the string, click Edit.
   * If you select Custom from the list, the Format string field shows either a blank entry field or the custom string that you previously saved.
   See RiskVision SIEM/syslog format strings for more information about creating, editing, and interpreting format strings.
6. Click Apply to save your changes.
   If you have created a custom format string, it is saved. You can make further modifications later by selecting the Custom option in the Format string drop-down list.
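To confirm on the receiving side that records forwarded with the syslog/CEF format arrive well-formed, a check like the following can be run over captured lines. It is an added example, not Websense code: the function names and the sample line are constructed, and it follows the generic CEF header layout, not RiskVision's own format string, which this page does not show.

```python
import re

HEADER = ("cef_version", "vendor", "product", "device_version",
          "signature_id", "name", "severity")
SEVERITY_WORDS = {"Unknown", "Low", "Medium", "High", "Very-High"}
_KEY = re.compile(r"(?:^|\s)([A-Za-z0-9_.]+)=")

def _split_header(body):
    # Split the 7 pipe-delimited header fields; an escaped pipe or backslash is data.
    fields, cur, i = [], [], 0
    while i < len(body) and len(fields) < 7:
        if body[i] == "\\" and body[i + 1:i + 2] in ("\\", "|"):
            cur.append(body[i + 1]); i += 2
        elif body[i] == "|":
            fields.append("".join(cur)); cur = []; i += 1
        else:
            cur.append(body[i]); i += 1
    if len(fields) == 6:  # sender omitted the pipe before an empty extension
        fields.append("".join(cur))
    if len(fields) != 7:
        raise ValueError("truncated CEF header")
    return fields, body[i:]

def _parse_extension(ext):
    # Values may contain spaces, so each value runs until the next " key=" token.
    out, hits = {}, list(_KEY.finditer(ext))
    for n, m in enumerate(hits):
        end = hits[n + 1].start() if n + 1 < len(hits) else len(ext)
        out[m.group(1)] = re.sub(r"\\([=\\])", r"\1", ext[m.end():end])
    return out

def parse_cef(line):
    """Parse one syslog line carrying a CEF record; raise ValueError if malformed."""
    start = line.find("CEF:")
    if start < 0:
        raise ValueError("not a CEF record (check the SIEM format setting)")
    fields, ext = _split_header(line.rstrip("\r\n")[start + 4:])
    record = dict(zip(HEADER, fields))
    sev = record["severity"]
    if not (sev.isdigit() and int(sev) <= 10) and sev not in SEVERITY_WORDS:
        raise ValueError(f"invalid CEF severity: {sev!r}")
    record["extension"] = _parse_extension(ext)
    return record

# Constructed sample line; vendor, product and field values are placeholders.
SAMPLE = (r"<134>Sep 24 10:15:02 sensor01 CEF:0|ExampleVendor|ExampleProduct|1.0|100|"
          r"Suspicious \| file|7|src=192.0.2.10 msg=two words note=a\=b")

if __name__ == "__main__":
    print(parse_cef(SAMPLE))
```

A `ValueError` on lines captured from the configured port usually means the receiver is seeing a different format (LEEF or a custom string) than the one it expects.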
Syslog
To forward RiskVision incident logs to syslog:
1. Toggle the Enable syslog logging switch to ON.
2. Configure which logs to send by selecting one or more Threat levels. By default, malicious and suspicious incident logs are forwarded.
3. Select a Format to use (Default or Custom).
   * If you select Default, the Format string field offers a read-only display of the format that will be used. Click Edit to modify the default format string.
   * If you select Custom from the list, the Format string field shows either a blank entry field or the custom string that you previously saved.
   See RiskVision SIEM/syslog format strings for more information about creating, editing, and interpreting format strings.
4. Click Apply to save your changes.
   If you have created a custom format string, it is saved. You can make further modifications later by selecting the Custom option in the Format string drop-down list.
Copyright 2015 Raytheon | Websense. All rights reserved.