Set Syslog Port to Non-Default Value in LogRhythm Enterprise

These instructions explain how to configure your LogRhythm Enterprise instance to receive Syslog data from a port other than the default (514).

In LogRhythm Enterprise

1. Open the Deployment Manager.
2. Click the System Monitors tab.

3. Double-click the Agent that will receive the Syslog output.
   The System Monitor Agent Properties window appears.

4. In the bottom-left corner of the window, click Advanced.
   The Agent Advanced Properties window appears.

5. In the text filter field under the Name column, type Syslog.
6. Specify the SyslogTCPPort that you will be sending to.
7. Specify the SyslogUDPPort that you will be sending to.
8. Click OK to close the Agent Advanced Properties window, and then click OK to close the System Monitor Agent Properties window.

In NetMon

1. Open the NetMon Web Management interface.
2. On the top navigation bar, click Configuration, and then click Syslog.
3. In the Syslog Type field, select UDP, TCP, or SecureTCP.
4. In the Syslog Port field, enter the Syslog port that you configured in LogRhythm Enterprise.
5. Click Apply Changes.