Skip to main content
Skip table of contents

Syslog - Claroty CTD CEF

Device Details



Device Type

ICS Monitoring

Supported Model Name/Number


Supported Software Version(s)

3.2.1 (latest tested)

Collection Method


Configurable Log Output?


Log Source Type

Syslog – Claroty CTD CEF

Log Processing Policy

LogRhythm Default



Additional Information


 Device Configuration Checklist

  1. In your Claroty application, go to Configuration, and then Syslog
  2. Select Add.
  3. If checked, uncheck Local.
    Any logging level can be enabled. Health Monitoring is the most verbose logging level and encompasses the other log level options.
  4. (Optional) Select Monitor EMC to monitor the Enterprise Management Console (EMC) health.
  5. Set the Message Format to Common Event Format (CEF).
  6. Set the Check Application Layer Response to disabled.
  7. Enter the Syslog Server IP, which is the IP of the LogRhythm System Monitor.
  8. Enter the Syslog Port. The default is 514.
  9. Choose the protocol, either TCP or UDP.
    • UDP is the default.
    • Use TCP for Secure Syslog.

Currently Supported Events

  • Alerts
  • Baselines
  • Events
  • Health monitoring
JavaScript errors detected

Please note, these errors can depend on your browser setup.

If this problem persists, please contact our support.