Enable Syslog Reporting
Open the NetMon Web Management interface.
On the top navigation bar, click Configuration, and then click the Syslog tab.
Set the following fields to the appropriate values:
Field | Configuration |
---|---|
Syslog Type | Set to UDP, TCP, or SecureTCP for Syslog data output. This setting is determined by the protocol used by the Agent receiving data over Syslog. If NetMon is integrated with the LogRhythm SIEM, you should use TCP for Syslog. |
Syslog IP | Enter the IP address of the Agent or other collector that will collect Syslog output. |
Syslog Port | The default Syslog port for the LogRhythm SIEM is 514, but it can be changed to 601 or to any port higher than 1000. |
Syslog Max Line Length | The maximum length, in characters, of a single Syslog message line. The default value is 2000. |
Password Scrubbing | Set to ON to mask unencrypted passwords as a series of asterisks rather than show them in cleartext. |
Forward All Supported Data | Set to ON to allow NetMon to forward alerts and diagnostics, along with metadata such as basic license level, version information, and anonymous usage statistics. Set to OFF (default) to send only alerts and diagnostics. |
Heartbeat Report Time | The time interval (in seconds) between heartbeats when NetMon is synced with the LogRhythm SIEM. The default value is 60. |
Peer Common Name | Defines the peer common name for SecureTCP. Type a peer common name in the text box. This option is only required if you are using SecureTCP. |
CA Cert, Machine Cert, or Machine Key | Certificates required for SecureTCP. Click to upload a CA certificate, machine certificate, and machine key. This option is only required if you are using SecureTCP. |
Click Apply Changes.
NetMon restarts with the new settings, which may take a few minutes.
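
To confirm on the collector side that the Password Scrubbing and Syslog Max Line Length settings took effect, captured TCP Syslog output can be audited. The following is an added example, not LogRhythm code. It assumes newline-delimited TCP framing and a `password=value` style field, neither of which is specified on this page; the function names and sample data are constructed for illustration.

```python
import re

MAX_LINE_LENGTH = 2000  # page default for "Syslog Max Line Length"

# Assumed field shape (key=value or key: value); NetMon's real field
# names are not given on the page.
PASSWORD_FIELD = re.compile(
    r'(?i)\b(pass(?:word|wd)?|pwd)\b\s*[=:]\s*"?([^\s",;|]+)'
)


def split_stream(buffer: bytes):
    """Split a TCP byte stream into complete newline-terminated lines.

    Returns (lines, remainder); the remainder is a partial message that
    must be prepended to the next recv(), not treated as a line.
    """
    *complete, remainder = buffer.split(b"\n")
    lines = [c.rstrip(b"\r").decode("utf-8", errors="replace") for c in complete]
    return lines, remainder


def audit_lines(lines, max_len=MAX_LINE_LENGTH):
    """Return (line_number, issue) findings for the received messages."""
    findings = []
    for number, line in enumerate(lines, start=1):
        if len(line) > max_len:
            findings.append((number, "exceeds_max_line_length"))
        for match in PASSWORD_FIELD.finditer(line):
            # A scrubbed value consists only of asterisks.
            if set(match.group(2)) != {"*"}:
                findings.append((number, "cleartext_password"))
                break
    return findings


# Constructed sample stream; not real NetMon output.
SAMPLE = (
    b"<134>netmon app=ftp user=alice password=********\n"
    b"<134>netmon app=ftp user=bob password=hunter2\n"
    b"<134>netmon app=http note=" + b"A" * 2100 + b"\n"
    b"<134>netmon app=dns partial-mess"
)

if __name__ == "__main__":
    lines, rest = split_stream(SAMPLE)
    for number, issue in audit_lines(lines):
        print(f"line {number}: {issue}")
    print(f"{len(rest)} byte(s) buffered awaiting newline")
```

A `cleartext_password` finding means Password Scrubbing is OFF or the field is not covered by it; an `exceeds_max_line_length` finding means the sender's limit is set higher than the collector expects.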