1. Open the NetMon Web Management interface.
  2. On the top navigation bar, click Configuration, and then click the Syslog tab.
  3. Set the following fields to the appropriate values:

    Syslog TypeSet to UDPTCP, or SecureTCP for Syslog data output. This setting is determined by the protocol used by the Agent receiving data over Syslog. If NetMon is integrated with the LogRhythm SIEM, you should use TCP for Syslog.
    Syslog IPEnter the IP address of the Agent or other collector that will collect Syslog output.
    Syslog PortThe default Syslog port for the LogRhythm SIEM is 514, but it can be changed to 601 or to any port higher than 1000.
    Syslog Max Line LengthThe maximum, single-message line length (in characters) for a Syslog protocol. The default value is 2000.
    Password ScrubbingSet to ON to mask unencrypted passwords as a series of asterisks rather than show them in cleartext.
    Forward All Supported DataSet to ON to allow NetMon to forward alerts and diagnostics, along with metadata such as basic license level, version information, and anonymous usage statistics. Set to OFF (default) to send only alerts and diagnostics.
    Heartbeat Report TimeThe time interval (in seconds) between heartbeats when NetMon is synced with the LogRhythm SIEM. The default value is 60.

    Peer Common Name

    Defines the peer common name for SecureTCP. Type a peer common name in the text box. This option is only required if you are using SecureTCP.
    CA Cert, Machine Cert, or Machine KeyCertificates required for SecureTCP. Click to upload a CA certificate, machine certificate, and machine key. This option is only required if you are using SecureTCP.
  4. Click Apply Changes.
    NetMon restarts with the new settings, which may take a few minutes.