Open the NetMon Web Management interface.
On the top navigation bar, click Configuration, and then click the Syslog tab.
Set the following fields to the appropriate values:
Set to UDP, TCP, or SecureTCP for Syslog data output. This setting is determined by the protocol used by the Agent receiving data over Syslog. If NetMon is integrated with the LogRhythm SIEM, you should use TCP for Syslog.
Enter the IP address of the Agent or other collector that will collect Syslog output.
The default Syslog port for the LogRhythm SIEM is 514, but it can be changed to 601 or to any port higher than 1000.
Syslog Max Line Length
The maximum length (in characters) of a single Syslog message. The default value is 2000.
Set to ON to mask unencrypted passwords as a series of asterisks rather than show them in cleartext.
Forward All Supported Data
Set to ON to allow NetMon to forward alerts and diagnostics, along with metadata such as basic license level, version information, and anonymous usage statistics. Set to OFF (default) to send only alerts and diagnostics.
Heartbeat Report Time
The time interval (in seconds) between heartbeats when NetMon is synced with the LogRhythm SIEM. The default value is 60.
Peer Common Name
Defines the peer common name for SecureTCP. Type a peer common name in the text box. This option is only required if you are using SecureTCP.
CA Cert, Machine Cert, or Machine Key
Certificates required for SecureTCP. Click to upload a CA certificate, machine certificate, and machine key. This option is only required if you are using SecureTCP.
Click Apply Changes.
NetMon restarts with the new settings, which may take a few minutes.
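A pre-upload check for the CA Cert, Machine Cert, and Machine Key files used by SecureTCP, as an added example that is not LogRhythm code. It assumes all three files are PEM and that the uploaded CA issued the machine certificate; the function name and return codes are hypothetical.

```shell
#!/bin/sh
# Added example (not LogRhythm code): sanity-check SecureTCP files before upload.
# Assumptions: all three files are PEM, and the machine cert was issued by the CA.
# Return codes: 0 ok, 1 a file does not parse, 2 machine cert expired,
#               3 key does not match cert, 4 cert does not chain to the CA.
check_securetcp_files() {
    ca=$1 cert=$2 key=$3

    # Each file must parse as the object type its upload slot expects.
    openssl x509 -in "$ca" -noout 2>/dev/null || return 1
    openssl x509 -in "$cert" -noout 2>/dev/null || return 1
    openssl pkey -in "$key" -noout 2>/dev/null || return 1

    # -checkend 0 fails if the certificate has already expired.
    openssl x509 -in "$cert" -noout -checkend 0 >/dev/null 2>&1 || return 2

    # The key belongs to the cert only if both yield the same public key.
    cert_pub=$(openssl x509 -in "$cert" -noout -pubkey 2>/dev/null | openssl sha256)
    key_pub=$(openssl pkey -in "$key" -pubout 2>/dev/null | openssl sha256)
    [ "$cert_pub" = "$key_pub" ] || return 3

    # Assumption: the machine cert chains to the CA being uploaded.
    openssl verify -CAfile "$ca" "$cert" >/dev/null 2>&1 || return 4
    return 0
}
```

Call it as `check_securetcp_files ca.pem machine.pem machine.key` and read `$?` to see which check failed.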