Overview
This guide provides step-by-step instructions to configure GTB DLP (Data Loss Prevention) to forward logs to the ADR Collection and Control Engine (CCE) using Syslog.
Syslog integration ensures that GTB DLP events are forwarded in real time for centralized monitoring, compliance, and proactive threat detection within ADR SIEM.
Pre-Requisites
Administrative access to the GTB DLP console.
ADR CCE server deployed and reachable.
UDP port 514 allowed between GTB DLP and the ADR CCE server.
Syslog push mechanism (no configuration required on ADR UI for Syslog ingestion).
Steps to Configure Syslog on GTB DLP
Log in to GTB DLP Admin Console
Open a browser and log in with administrator credentials.
Navigate to Syslog Configuration
From the dashboard, go to:
Administration → System Settings → Syslog Settings
Enable Syslog Forwarding
Check the Enable Syslog option.
Add Syslog Server Details
Enter the following details:
Syslog Server IP: Enter the ADR CCE IP.
Protocol: Select UDP.
Port: Enter 514.
Facility: Select appropriate facility (default = LOCAL0).
Severity/Level: Recommended = Informational or Warning.
Select Event Categories
Enable the event types you want to forward:
Policy violations
Endpoint violations
Network events
Alerts/Incidents
Save and Apply
Click Save and then Apply Changes.
Test Connection
Use the Test Syslog button (if available) to verify that logs can be forwarded successfully.
Verification (MSSP O
On CCE Server
Run the following command to confirm that logs are arriving:
sudo tcpdump -i any port 514 and host <GTB_DLP_IP> -AAA
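In the capture, each syslog payload starts with a number in angle brackets that encodes facility and severity (PRI = facility × 8 + severity), so LOCAL0 at Informational appears as <134> and LOCAL0 at Warning as <132>. The Python script below is an added example, not part of the original guide or of GTB or ADR tooling; it decodes that value from saved capture lines and flags messages whose facility differs from the one configured above. The sample lines and the function names are constructed for illustration and do not reproduce GTB DLP's actual message format.

```python
import re

# Standard syslog facility and severity names, indexed by numeric code.
FACILITIES = ["kern", "user", "mail", "daemon", "auth", "syslog", "lpr", "news",
              "uucp", "cron", "authpriv", "ftp", "ntp", "audit", "alert", "clock",
              "local0", "local1", "local2", "local3",
              "local4", "local5", "local6", "local7"]
SEVERITIES = ["emergency", "alert", "critical", "error",
              "warning", "notice", "informational", "debug"]
PRI_RE = re.compile(r"<(\d{1,3})>")

def decode_pri(text):
    """Return (facility, severity) for the first <PRI> in text, else None."""
    m = PRI_RE.search(text)
    if not m or int(m.group(1)) > 191:   # 23 * 8 + 7 is the highest valid PRI
        return None
    pri = int(m.group(1))
    return FACILITIES[pri >> 3], SEVERITIES[pri & 7]

def check_capture(lines, expected_facility="local0"):
    """Tally messages by (facility, severity) and collect lines whose
    facility differs from the one configured on the sender."""
    counts, unexpected = {}, []
    for line in lines:
        decoded = decode_pri(line)
        if decoded is None:
            continue                      # packet header or continuation line
        counts[decoded] = counts.get(decoded, 0) + 1
        if decoded[0] != expected_facility:
            unexpected.append(line)
    return counts, unexpected

# Constructed sample shaped like tcpdump -A output (documentation IP ranges).
SAMPLE = [
    "12:00:01.000000 IP 192.0.2.10.51514 > 192.0.2.20.514: SYSLOG local0.info, length: 80",
    "E..l..@.@.....<134>Jan 10 12:00:01 dlp-host sample: policy violation (constructed)",
    "E..l..@.@.....<132>Jan 10 12:00:05 dlp-host sample: endpoint violation (constructed)",
    "E..l..@.@.....<13>Jan 10 12:00:09 other-host sample: unrelated message (constructed)",
]

if __name__ == "__main__":
    counts, unexpected = check_capture(SAMPLE)
    for (facility, severity), n in sorted(counts.items()):
        print(f"{facility}.{severity}: {n}")
    for line in unexpected:
        print("unexpected facility:", line)
```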
On ADR SIEM UI
Log in to ADR UI with administrative rights.
Navigate to: System → Logs and Flows Collection Status.
Verify that the Source Device IP (GTB DLP IP) is visible and logs are being ingested.