- Overview
- Requirements: CylanceON-PREM
- Configuring the CylanceON-PREM virtual appliance
- Configuring the console
- Setting up the CylancePROTECT agent
- Device management
- Threat management
- Global lists
- Administration
- Managing users
- Managing roles
- Update profile information
- Audit logs
- Managing Certificates
- Setting up email notifications
- Settings
- Upgrade CylanceON-PREM
- Reboot the virtual appliance
- Configure session timeout
- Update CylanceON-PREM SSL certificate version 1.3.1 and later
- Update CylanceON-PREM SSL certificate version 1.2.2.1 and earlier
- Change the certificate cipher mode
- Enable maintenance mode
- Change network settings
- Check an IP address
- Change the log level
- Download logs
- Configure syslog/SIEM settings
- Update database connection settings
- Configure active directory
- Configure identity provider settings
- Using certificate-based authentication
- Add a banner to the login screen
- Applications
- CylanceON-PREM API
- Troubleshooting
- Agent not communicating with CylanceON-PREM
- Web browser reports insecure webpage
- Unable to connect to external database
- Configure static IP using the OVF tool
- Remote server 404 error in log files
- Log in with a local administrator account
- Online Certificate Status Protocol issues
- A user is not receiving email notifications
- Before you contact support
- BlackBerry Docs
- CylanceON-PREM
- Cylance ONPREM Administration Guide
- Administration
- Settings
- Configure syslog/SIEM settings
Configure syslog/SIEM settings
Administrators can figure
CylanceON-PREM
version 1.1.0 or higher to forward events from their CylanceON-PREM
virtual appliance to a syslog server. The context of each event is Unicode plain text consisting of key-value pairs, separated by commas. Due to a size limitation of most Syslog servers, the details of each message (Cylance
-specific payload) is limited to 2048 characters.The Threat Classifications event type is not available for
CylanceON-PREM
because the virtual appliance does not communicate with the CylancePROTECT Desktop
console.- In the console, on the menu bar, clickConfiguration > Settings.
- Click
beside Syslog/SIEM. This expands the Syslog settings. - Click the Syslog/SIEM toggle to enable the feature. Use this toggle to enable or disable the feature without losing any settings.
- Configure the Syslog settings. For more information on syslog settings, see theCylanceSyslog Guide.With TLS/SSL enabled, administrators can add an SSL certificate instead of pasting in the certificate information. The certificate can be added after configuring Syslog settings. Make sure you save any changes to this section before navigating to the Certificates page (Configuration > Certificates) to ensure your changes are not lost. WithVerify Peer Modedisabled, the SSL certificate is not required. The connection is encrypted, butCylanceON-PREMwill not validate the peer certificate.UDP does not support notifications when the Syslog server shuts down.
- Click
.
To upload an SSL certificate, go to the
Configuration > Certificates
page and add the certificate. See Add a certificate for more information.To remove a Syslog server shut down notification, re-enable Syslog. If you no longer want to use Syslog, re-enable Syslog and then disable Syslog.