Related topics: Remediation

Field	Description
Syslog Settings
IP address or hostname	Enter the IP address or hostname for the syslog server.
Port	Enter the port number for the syslog server.
Use syslog facility for these messages	Select this box to set the origin of syslog messages. Use the drop-down menu to select the type of message to appear in the syslog: User-level Messages (#1) - logs generic user-level messages, such as "username/password expired". Security/Authorization Messages (#4) - logs authentication- and authorization-related commands, such as "authentication failed for admin user". Security/Authorization Messages (#10) - logs non-system authorization messages inside a protected file (for information of a sensitive nature, such as passwords). Local use 0-7 (#16-23) - unreserved facilities available for any local use. Processes and daemons that have not been explicitly assigned a facility can use any of the "local use" facilities. Configuration is done in the syslog.conf file. If you want incident data sent to the syslog, select Audit Incident > Send Syslog Message in the action plan for the policy.
Test Connection	Click Test Connection to send your syslog server a verification test message.
Release Gateway
Use the gateway that detected the incident	This option is selected by default. The gateway could be TRITON AP-EMAIL or the protector MTA, depending on your subscription.
Use the following gateway:	Define a specific gateway to use when releasing quarantined email. The mail release gateway is used to deliver email messages that were blocked and subsequently released. IP address or hostname - Enter the IP address or hostname for your mail release gateway. Port - Enter the port number for your mail release gateway.