What is the syslog option in SpanVA intended for?
I thought it was a method of writing out errors or warnings relating to the running of the SpanVA appliance.
If this isn't the case, could you shed some light on what it is used for?
The syslog tab on the Monitoring Logs page is for configuring the connection to the external syslog server for sending internal SpanVA events, such as configuration changes.
These events are not the event entries you see in the Console tab.
As of 11 April 2019 we send the following status monitoring levels:
- info level
- warning level
- error level
- critical level
We do not send the following levels:
- debug level
- exception level
A future release will add the debug and exception levels.
The update will also tag the events with their severity levels so they can be easily parsed in a Security Information and Event Management (SIEM) server.
We do not yet have a date for these updates.
The events you see in the Console tab are those events received by the SpanVA's internal syslog server from firewalls, proxies, etc. that have been configured to send those events to the SpanVA server.
The SpanVA will then forward those events to CloudSOC.
This feature provides you with a ready-made syslog server if you have firewalls capable of logging to syslog servers but lack a log collection framework.