Syslog Log Sources
LogRhythm currently provides configuration guides for more than 60 syslog log sources, but the SIEM supports many more.
Our goal is to provide a configuration guide for every device the SIEM supports. If your syslog log source is not included yet, rest assured that we are working on it.
Syslog log sources cannot be moved from a Windows agent to a Linux agent (or vice versa) via the Move Log Sources Between Agents feature. Instead, retire the existing syslog log source and reconfigure it using the other agent.
Recently Added Guides
| Name | Date |
|---|---|
| Syslog - Fortinet FortiGate (Log Source Optimization) | September 13, 2023 |
| Syslog - Zscaler Nano Streaming Service | August 30, 2023 |
| Syslog - CyberArk | August 30, 2023 |
| Syslog - VMware Carbon Black App Control | August 30, 2023 |
| Syslog - Fortinet FortiAnalyzer | August 16, 2023 |
| Syslog - Generic Linux OS | August 16, 2023 |
| Syslog - LogRhythm Network Monitor (NetMon) | August 2, 2023 |
| Syslog - Cisco Meraki | June 7, 2023 |
| Syslog - SonicWall SonicOS/X | May 10, 2023 |
| Syslog - Cisco ISE | April 26, 2023 |
| Syslog - Aruba Clear Pass | March 1, 2023 |
| Syslog - Forcepoint Web Security V2.0 | February 15, 2023 |
| Syslog - Symantec DLP CEF | February 15, 2023 |
| Syslog - Cisco Secure Email | February 15, 2023 |
| Syslog - HPE OneView | February 1, 2023 |
| Syslog - FireEye MPS | January 18, 2023 |
| Syslog - Imperva Incapsula CEF | January 18, 2023 |
| Syslog - Tanium | January 18, 2023 |
| Syslog - Juniper Junos | December 7, 2022 |
| Syslog - Cisco Secure Web | September 21, 2022 |
| Syslog - Trend Micro Email Security | September 7, 2022 |
Deprecated Guides
| Name | Date |
|---|---|
| Solera Connector | March 25, 2020 |
Configure LogRhythm to Collect Logs
Only Global Admins or Restricted Admins with elevated View and Manage privileges can take this action.
These instructions assume you have already completed all procedures described in the specific device configuration guide for the logs you want to collect.
- In the Client Console on the main toolbar, click Deployment Manager.
- Click the System Monitors tab.
- Double-click the System Monitor Agent that collect the information.
The System Monitor Agent Properties dialog box appears. - Click the Agent Settings tab.
- Right-click anywhere in the Log Message Sources Collected by this Agent grid, and then click New.
- Click the Basic Configuration tab.
For Log Message Source Type, select the name of the log as provided in the specific device configuration guide, and then click OK.
Complete any additional steps described in the specific device configuration guide, if applicable.
To save the configuration, click OK, and then click OK again.