How To Setup Logging Events to a Syslog Server
Article ID: 286708
Updated On:
Products
Carbon Black App Control (formerly Cb Protection)
Issue/Introduction
Setup forwarding of events and logs to an external application.
Environment
- App Control Console: All Supported Versions
Resolution
- Log in to the Console and navigate to Settings > System Configuration > Events.
- Click Edit and adjust the External Event Logging section accordingly, please note:
- The Syslog Address can be specified via IP or FQDN, though FQDN is recommended.
- The Syslog Port can be customized, but regardless of port UDP will be used.
- After changes have been made, click Update and confirm.
Additional Information
- In some instances, very active environments may encounter a limitation in the number of Events that can also be exported via SYSLOG.
- App Control Server can output in syslog format. Any application that can ingest syslog format should work.
- Currently it is not possible to:
- Filter the Events sent from App Control. Filtering should be done in the application ingesting the Events.
- Use TCP instead of UDP for the network traffic.
- More information can be found in the User Guide > System Configuration > Event Management Options > Setting up External Event Logging.
Feedback
Yes
No
Powered by
