
    Configuration steps for Syslog forwarding from Trend Micro - Deep Security devices to EventLog Analyzer

    1. To forward system events to the EventLog Analyzer (ELA) server:
      • Go to Administration → System Settings → Event Forwarding.
      • Select Forward System Events to a remote computer (via Syslog) in the SIEM section.
      • Specify the following information and then click Save:
        1. Hostname <EventLog Analyzer IP>
        2. UDP port <default 514>
        3. Syslog Format <CEF>
        4. Syslog Facility
    2. To forward security events to the EventLog Analyzer server:
      • Go to Policies.
      • Double-click the policy you want to use for computers to forward security events via the Deep Security Manager.
      • Go to Settings → SIEM and select Forward Events To → Relay via the Manager for each applicable protection module.
      • Specify the following information that is required for relaying events via the Deep Security Manager and then click Save:
        1. Hostname <EventLog Analyzer IP>
        2. UDP port <default 514>
        3. Syslog Format <CEF>
        4. Syslog Facility
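
Once both steps are saved, a quick way to confirm that what reaches the collector matches the settings above (CEF format and the chosen Syslog Facility) is to parse a received line. This is an added example, not vendor or product code; the sample line is constructed with placeholder values, and the function names are hypothetical.

```python
import re

# Constructed sample line (not captured output); all field values are placeholders.
SAMPLE = ("<134>Jan  1 00:00:00 dsm-host CEF:0|Trend Micro|Deep Security Manager|"
          "0.0|0000|Sample \\| Event|3|src=192.0.2.10 suser=admin "
          "msg=signed in from 192.0.2.10 note=a\\=b")

KEY = re.compile(r"(?:^|\s)(\w+)=")  # extension key at start or after whitespace

def split_header(body):
    """Split on unescaped '|' into the 7 CEF header fields plus the extension."""
    fields, cur, i = [], [], 0
    while i < len(body) and len(fields) < 7:
        ch = body[i]
        if ch == "\\" and body[i + 1:i + 2] in ("|", "\\"):
            cur.append(body[i + 1])  # keep the escaped character literally
            i += 2
            continue
        if ch == "|":
            fields.append("".join(cur))
            cur = []
        else:
            cur.append(ch)
        i += 1
    return fields, body[i:]

def parse_extension(ext):
    """Parse key=value pairs; values may contain spaces and escaped '='."""
    hits = list(KEY.finditer(ext))
    out = {}
    for n, m in enumerate(hits):
        end = hits[n + 1].start() if n + 1 < len(hits) else len(ext)
        out[m.group(1)] = re.sub(r"\\([=\\])", r"\1", ext[m.end():end].strip())
    return out

def parse_line(line):
    """Return a dict for a CEF syslog line, or None if it is not valid CEF."""
    pri = re.match(r"<(\d{1,3})>", line)
    start = line.find("CEF:")
    if start < 0:
        return None
    fields, ext = split_header(line[start + 4:])
    if len(fields) != 7:
        return None  # truncated or malformed header
    keys = ("version", "vendor", "product", "device_version",
            "signature_id", "name", "severity")
    event = dict(zip(keys, fields))
    event["facility"] = int(pri.group(1)) >> 3 if pri else None  # PRI = facility*8 + severity
    event["extension"] = parse_extension(ext)
    return event
```

A `None` result for lines arriving from the Deep Security Manager means the Syslog Format setting is not producing CEF, and `facility` should equal the numeric code of the Syslog Facility selected in the form.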