Enable Syslog Logging for Data Loss Prevention

Article ID: 160181

Products

Data Loss Prevention Enforce

Issue/Introduction

You have the option to send severe Data Loss Prevention (DLP) system events to a syslog server.

Resolution

To send severe DLP system events to a syslog server, modify the config\Manager.properties file.

Note: You can configure DLP to send email notifications of severe system events. For details, open the DLP online help and go to Administration > System > Alerts > Alerts Overview. 

To enable syslog logging:

  1. Locate and open the config\Manager.properties file.
  2. Uncomment the following lines:
    • #systemevent.syslog.host=
    • #systemevent.syslog.port=
    • #systemevent.syslog.format= [{0.EN_US}] {1.EN_US} - {2.EN_US}
  3. Type values for each of these parameters, as follows:
    • host—syslog server host or IP address
    • port—syslog server port number (default is 514)
    • format—log file message format. Specify one or more of the following indicators:
      • {0.EN_US}—includes the name of the server on which the event occurred
      • {1.EN_US}—includes a brief summary of the event

For a more complete description, see TECH218905.
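
A check for the three settings from the procedure above, added here as an example; it is not part of the original article or of the product. The function name, the sample host name, and the rule that only indicator indexes 0 to 2 (the ones shown on this page) are accepted are assumptions.

```python
import re

KEYS = ("systemevent.syslog.host", "systemevent.syslog.port", "systemevent.syslog.format")
# Indicator indexes that appear on this page; rejecting others is an assumption.
KNOWN_INDEXES = {"0", "1", "2"}

# Constructed samples: the lines before editing, and after (host name is made up).
SAMPLE_DEFAULT = """\
#systemevent.syslog.host=
#systemevent.syslog.port=
#systemevent.syslog.format= [{0.EN_US}] {1.EN_US} - {2.EN_US}
"""
SAMPLE_CONFIGURED = """\
systemevent.syslog.host=syslog.example.internal
systemevent.syslog.port=514
systemevent.syslog.format= [{0.EN_US}] {1.EN_US} - {2.EN_US}
"""

def check_syslog_settings(text):
    """Return a list of problems found in Manager.properties content."""
    active, commented = {}, set()
    for raw in text.splitlines():
        line = raw.strip()
        key, sep, value = line.lstrip("#").partition("=")
        key = key.strip()
        if not sep or key not in KEYS:
            continue
        if line.startswith("#"):
            commented.add(key)
        else:
            active[key] = value.strip()  # a later assignment overrides an earlier one
    problems = []
    for key in KEYS:
        if key not in active:
            state = "still commented out" if key in commented else "missing"
            problems.append(f"{key}: {state}")
        elif not active[key]:
            problems.append(f"{key}: no value set")
    port = active.get(KEYS[1], "")
    if port and not (re.fullmatch(r"[0-9]{1,5}", port) and 1 <= int(port) <= 65535):
        problems.append(f"{KEYS[1]}: {port!r} is not a valid port number")
    fmt = active.get(KEYS[2], "")
    fields = re.findall(r"\{([^{}]*)\}", fmt)
    bad = [f for f in fields if not re.fullmatch(r"\d+\.EN_US", f)
           or f.split(".")[0] not in KNOWN_INDEXES]
    if fmt and (bad or not fields):
        problems.append(f"{KEYS[2]}: unrecognized or missing indicators {bad}")
    return problems
```

Pass the function the text of config\Manager.properties; an empty list means all three settings are uncommented and well formed.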