From the Web Console, you can configure the security connector to send logs to your organization's security information and event management product. By default, the security connector uses TLS encryption. As a result, a client certificate and client key signed by the Certificate Authority (CA) of the rsyslog server is not required. If a certificate is not provided, the security connector accepts the encryption of the rsyslog server.
Note: Ensure that the remote rsyslog server is configured to accept logs with the Transmission Control Protocol (TCP).
Log in to the Web Console:
Go to the http://mgmt_interface_IP:3000
where mgmt_interface_IP is the IP address of the management interface.
- In the Web Console Login, enter the password for the security connector, and click Login.
- Go to the http://mgmt_interface_IP:3000
- Click the edit icon to modify the virtual machine settings in the Web Console.
- Click the Configure SIEM slider to change it from FALSE to TRUE.
- In the Server IP fields, enter the IP address and the port of the rsyslog server.
To enable transport layer security (TLS) and
transport logs securely with a certificate:
Note: If a certificate is not provided, the rsyslog server is trusted by default
- Click the Enable TLS slider to change it from FALSE to TRUE.
- In the CA certificate field, paste the contents of a certificate from your trusted Certificate Authority (CA).
- Click Save.