CB Protection: How to Set Up Syslog Messages

Article ID: 289284

Products

Carbon Black App Control (formerly Cb Protection)

Issue/Introduction

Configure Syslog event logging in CB Protection.

Environment

  • CB Protection 7.2.x and Higher

Resolution

  1. Prepare the Syslog server to log Cb Protection events. See the
    separate Cb Protection Event Integration Guide for more details about preparing the
    server.
  2. On the Cb Protection Console menu, click the configuration (gear) icon and choose
    System Configuration, and on the System Configuration page, click on the Events
    tab.
  3. On the Events tab, click the Edit button at the bottom of the page.
  4. In the External Event Logging panel, check the Syslog Enabled box.
  5. Provide the address (IP address or FQDN) and port number of the Syslog server in
    the Syslog Address and Syslog Port boxes, respectively.
  6. Choose the output format from the Syslog Format menu.
  7. Click Update and choose Yes on the confirmation dialog to save the configuration.
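
To confirm on the Syslog server that the address, port and format from steps 5 and 6 took effect, the following Python script (an added example, not part of this article or of the product) listens for incoming datagrams and checks their sender and format. It assumes UDP transport and that the selected format is plain RFC 3164, CEF or LEEF; the article states neither the transport nor the format list, and 192.0.2.10 is a placeholder address.

```python
import re
import socket

PRI_RE = re.compile(rb"^<(\d{1,3})>")             # RFC 3164 priority header
CEF_RE = re.compile(rb"CEF:\d+\|")                # CEF header marker
LEEF_RE = re.compile(rb"LEEF:\d+(?:\.\d+)?\|")    # LEEF header marker

def classify_syslog(datagram: bytes) -> dict:
    """Decode the PRI header and identify the payload format of one datagram."""
    m = PRI_RE.match(datagram)
    if not m or int(m.group(1)) > 191:            # max PRI = facility 23 * 8 + severity 7
        return {"valid": False, "format": "unknown"}
    pri, body = int(m.group(1)), datagram[m.end():]
    if CEF_RE.search(body):
        fmt = "cef"
    elif LEEF_RE.search(body):
        fmt = "leef"
    else:
        fmt = "basic"
    return {"valid": True, "facility": pri >> 3, "severity": pri & 7, "format": fmt}

def check_datagram(datagram, src_ip, expected_sender, expected_format):
    """Return a list of problems for one received datagram (empty list = as configured)."""
    info = classify_syslog(datagram)
    problems = []
    if src_ip != expected_sender:
        problems.append(f"unexpected sender {src_ip}")
    if not info["valid"]:
        problems.append("missing or invalid <PRI> header")
    elif info["format"] != expected_format:
        problems.append(f"format is {info['format']}, expected {expected_format}")
    return problems

def listen(expected_sender, expected_format, port=514, count=5, timeout=60.0):
    """Receive `count` UDP datagrams on `port` and print each one's problems."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        sock.bind(("0.0.0.0", port))
        sock.settimeout(timeout)                  # raises socket.timeout if nothing arrives
        for _ in range(count):
            data, (src_ip, _) = sock.recvfrom(65535)
            print(src_ip, check_datagram(data, src_ip, expected_sender, expected_format) or "OK")

if __name__ == "__main__":
    # Placeholder values: replace with the console server's address and the chosen format.
    listen(expected_sender="192.0.2.10", expected_format="cef")
```

Binding to port 514 normally requires elevated privileges; stop the regular Syslog daemon or pass a different port that matches the Syslog Port box while testing.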

Additional Information

  • Cb Protection supports integration of its event information with Syslog servers using several formats. Syslog integration is configured on the Events tab of the System Configuration page.
  • For additional Syslog formats, please refer to this Idea Request: https://community.carbonblack.com/t5/Idea-Central/Additional-Email-Tags-and-Syslog-fields/idi-p/67417#M7430