Device Details
| Vendor | Claroty |
|---|---|
| Device Type | ICS Monitoring |
| Supported Model Name/Number | N/A |
| Supported Software Version(s) | 3.2.1 (latest tested) |
| Collection Method | Syslog |
| Configurable Log Output? | Yes |
| Log Source Type | Syslog – Claroty CTD CEF |
| Log Processing Policy | LogRhythm Default |
| Exceptions | N/A |
| Additional Information | N/A |

Device Configuration Checklist
- In your Claroty application, go to Configuration, and then Syslog.
- Select Add.
- If checked, uncheck Local.

  Any logging level can be enabled. Health Monitoring is the most verbose logging level and encompasses the other log level options.
- (Optional) Select Monitor EMC to monitor the Enterprise Management Console (EMC) health.
- Set the Message Format to Common Event Format (CEF).
- Set the Check Application Layer Response to disabled.
- Enter the Syslog Server IP, which is the IP of the LogRhythm System Monitor.
- Enter the Syslog Port. The default is 514.
- Choose the protocol, either TCP or UDP. UDP is the default. Use TCP for Secure Syslog.

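To check that lines arriving at the System Monitor really are CEF after the steps above, the following added example (not LogRhythm's or Claroty's code) parses a received syslog line into the standard CEF header fields and extension pairs and rejects anything that is not CEF. The sample lines and all field values in them are constructed placeholders, not captured CTD output.

```python
import re

HEADER = ("cef_version", "vendor", "product", "device_version",
          "event_class_id", "name", "severity")
# key=value pairs; a value runs until the next " key=" or the end of the line.
EXT_RE = re.compile(r"(\w+)=((?:\\.|[^\\=])*?)(?=\s+\w+=|\s*$)")

def split_header(body, count=len(HEADER)):
    """Split on the first `count` unescaped pipes, honouring backslash escapes."""
    parts, cur, i = [], [], 0
    while i < len(body) and len(parts) < count:
        ch = body[i]
        if ch == "\\" and i + 1 < len(body):  # escaped character: keep it literally
            cur.append(body[i + 1])
            i += 2
            continue
        if ch == "|":
            parts.append("".join(cur))
            cur = []
        else:
            cur.append(ch)
        i += 1
    if len(parts) < count:  # header ended without a trailing pipe
        parts.append("".join(cur))
    return parts, body[i:]

def parse_cef(line):
    """Parse one received syslog line; raise ValueError if it does not carry CEF."""
    start = line.find("CEF:")
    if start < 0:
        raise ValueError("no CEF header: check the Message Format setting")
    parts, ext = split_header(line[start + 4:])
    if len(parts) != len(HEADER):
        raise ValueError("truncated CEF header (%d of 7 fields)" % len(parts))
    record = dict(zip(HEADER, parts))
    record["extensions"] = {
        k: re.sub(r"\\([\\=])", r"\1", v) for k, v in EXT_RE.findall(ext)
    }
    return record

# Constructed sample lines (placeholders, not real CTD output).
SAMPLES = [
    "<134>Jan 01 00:00:00 ctd-host CEF:0|Claroty|CTD|3.2.1|Alert/Example|"
    "Constructed \\| alert name|5|src=192.0.2.10 msg=Constructed sample message cs1=a\\=b",
    "<134>Jan 01 00:00:00 ctd-host plain text, Message Format not set to CEF",
]
```

A line that raises `ValueError` here points back to the Message Format step; a truncated header over UDP usually means the datagram was cut off in transit.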
Currently Supported Events
- Alerts
- Baselines
- Events
- Health monitoring