Syslog configuration is done on the Application page, on the Settings tab.
Cylanceevent types you want to receive Syslog messaging for.
Some log management services, like SumoLogic, might need a custom token included with syslog messages to help identify where those messages should go. The custom token is provided by your log management service.
The Custom Token field is available with all Syslog/SIEM options, not just SumoLogic. It is possible to type any information as a custom tag to the syslog information.
This is the type of application that is logging the message. The default is Internal (or Syslog). This is used to categorize the messages when they are received by the Syslog server.
This is the IP address or fully-qualified domain name of the Syslog server that the customer has set up. Consult with your internal network experts to ensure firewall and domain settings are properly configured.
This is the port number on the machines that the Syslog server will listen to for messages. It must be a number between 1 and 65535. Typical values are: 512 for UDP, 1235 or 1468 for TCP, and 6514 for Secured TCP (example: TCP with TLS/SSL enabled).
This must match what you have configured on your Syslog server. The choices are UDP or TCP. UDP is generally not recommended as it does not guarantee message delivery. You should use the default setting, TCP.
Security Information and Event Management (SIEM)
This is the type of Syslog server or SIEM to which events are to be sent.
This is the severity of the messages that should appear in the Syslog server. This is a subjective field, and you may set it to whatever level you like. The value of severity does not change the messages that are forwarded to Syslog.
This option is only available if the Protocol specified is TCP. TLS/SSL ensures the Syslog message is encrypted in transit from
Cylanceto the Syslog server. You should checkmark this option. Be sure your Syslog server is configured to listen for TLS/SSL messages.