From the Web Console, you can configure the
security connector to send logs to your organization's security information and event
management product. By default, the security connector uses TLS encryption. As a result, a
client certificate and client key signed by the Certificate Authority (CA) of the rsyslog
server is not required. If a certificate is not provided, the security connector accepts the
encryption of the rsyslog server.Note: Ensure that the remote rsyslog server is configured to
accept logs with the Transmission Control Protocol (TCP).
How to
-
Log in to the Web Console:
-
Go to the http://mgmt_interface_IP:3000
where mgmt_interface_IP is the IP address of the management interface.
-
In the Web Console Login, enter the
password for the security connector, and click Login.
-
Click the edit icon to modify the virtual
machine settings in the Web Console.
-
Click the Configure
SIEM slider to change it from FALSE to TRUE.
-
In the Server IP fields, enter the
IP address and the port of the rsyslog server.
-
To enable transport layer security (TLS) and
transport logs securely with a certificate:
-
Click the Enable
TLS slider to change it from FALSE to TRUE.
-
In the CA certificate field, paste the
contents of a certificate from your trusted
Certificate Authority (CA).
Note: If a certificate is not provided, the
rsyslog server is trusted by default
-
Click Save.