
    Configuration steps for Syslog forwarding from Trend Micro - Deep Security devices to EventLog Analyzer

    1. To forward system events to the EventLog Analyzer server:
      • Go to Administration → System Settings → Event Forwarding.
      • Select Forward System Events to a remote computer (via Syslog) in the SIEM section.
      • Specify the following information and then click Save:
        1. Hostname <EventLog Analyzer IP>
        2. UDP port <default 514>
        3. Syslog Format <CEF>
        4. Syslog Facility
    2. To forward security events to the EventLog Analyzer server:
      • Go to Policies.
      • Double-click the policy you want to use for computers to forward security events via the Deep Security Manager.
      • Go to Settings → SIEM and select Forward Events To → Relay via the Manager for each applicable protection module.
      • Specify the following information that is required for relaying events via the Deep Security Manager and then click Save:
        1. Hostname <EventLog Analyzer IP>
        2. UDP port <default 514>
        3. Syslog Format <CEF>
        4. Syslog Facility
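
To confirm on the receiving side that forwarded events arrive in CEF with the facility chosen above, the following parser decodes one syslog datagram. It is an added example, not ManageEngine or Trend Micro code; the sample message, the host name and the function names are constructed for illustration.

```python
import re

# Syslog facility names by code (RFC 5424); codes 16-23 are local0-local7.
FACILITIES = ["kern", "user", "mail", "daemon", "auth", "syslog", "lpr", "news",
              "uucp", "cron", "authpriv", "ftp", "ntp", "audit", "alert", "clock"]
FACILITIES += [f"local{i}" for i in range(8)]
CEF_FIELDS = ["cef_version", "vendor", "product", "device_version",
              "signature_id", "name", "severity"]

def split_header(body):
    """Split the 7 pipe-delimited CEF header fields (honouring \\| and \\\\
    escapes) and return them with the raw extension string that follows."""
    fields, cur, i = [], [], 0
    while i < len(body) and len(fields) < 7:
        c = body[i]
        if c == "\\" and i + 1 < len(body):
            cur.append(body[i + 1]); i += 2
        elif c == "|":
            fields.append("".join(cur)); cur = []; i += 1
        else:
            cur.append(c); i += 1
    if len(fields) < 7:
        raise ValueError("truncated CEF header")
    return fields, body[i:]

def parse_cef_syslog(datagram):
    """Decode one UDP syslog datagram that should carry a CEF record."""
    text = datagram.decode("utf-8", errors="replace").strip()
    m = re.match(r"<(\d{1,3})>", text)
    if not m or int(m.group(1)) > 191:
        raise ValueError("missing or invalid syslog PRI")
    pri = int(m.group(1))
    start = text.find("CEF:")
    if start < 0:
        raise ValueError("no CEF header: check that Syslog Format is CEF")
    fields, ext = split_header(text[start + 4:])
    record = dict(zip(CEF_FIELDS, fields))
    record["facility"] = FACILITIES[pri >> 3]   # PRI = facility * 8 + severity
    record["syslog_severity"] = pri & 7
    # Extension values may contain spaces; a value ends at the next " key=".
    pairs = re.findall(r"(\w+)=((?:\\=|[^=])*?)(?=\s+\w+=|$)", ext)
    record["extension"] = {k: v.replace("\\=", "=").strip() for k, v in pairs}
    return record

# Constructed sample datagram (not captured from a real deployment).
SAMPLE = (b"<134>Jan 01 00:00:00 dsm.example.test CEF:0|Trend Micro|"
          b"Deep Security Manager|0.0|600|User Signed In|3|"
          b"src=192.0.2.10 suser=admin msg=User signed in from 192.0.2.10")
```

Feeding it datagrams read from a socket bound to the configured UDP port shows whether the facility and format selected in Deep Security match what the collector receives.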
