Skip Navigation

Configure syslog/SIEM settings

Administrators can figure
version 1.1.0 or higher to forward events from their
virtual appliance to a syslog server. The context of each event is Unicode plain text consisting of key-value pairs, separated by commas. Due to a size limitation of most Syslog servers, the details of each message (
-specific payload) is limited to 2048 characters.
The Threat Classifications event type is not available for
because the virtual appliance does not communicate with the
CylancePROTECT Desktop
  1. In the console, on the menu bar, click
    Configuration > Settings
  2. Click beside Syslog/SIEM. This expands the Syslog settings.
  3. Click the Syslog/SIEM toggle to enable the feature. Use this toggle to enable or disable the feature without losing any settings.
  4. Configure the Syslog settings. For more information on syslog settings, see the
    Syslog Guide
    With TLS/SSL enabled, administrators can add an SSL certificate instead of pasting in the certificate information. The certificate can be added after configuring Syslog settings. Make sure you save any changes to this section before navigating to the Certificates page (Configuration > Certificates) to ensure your changes are not lost. With
    Verify Peer Mode
    disabled, the SSL certificate is not required. The connection is encrypted, but
    will not validate the peer certificate.
    UDP does not support notifications when the Syslog server shuts down.
  5. Click .
To upload an SSL certificate, go to the
Configuration > Certificates
page and add the certificate. See Add a certificate for more information.
To remove a Syslog server shut down notification, re-enable Syslog. If you no longer want to use Syslog, re-enable Syslog and then disable Syslog.