TABLE OF CONTENTS
Overview
To send Cortex XDR notifications to your Syslog server, you need to define the settings for the Syslog receiver from which you want to send notifications.
Configuration
1.Select Settings -->Configurations-->Integrations-->External Applications.
2. In Syslog Servers, add a + New Server.
3. Define the Syslog server parameters:
Name
—Unique name for the server profile.
Destination
—IP address of CCE.
Port
—514 UDP Port
Facility
—Choose one of the Syslog standard values. The value maps to how your Syslog server uses the facility field to manage messages. For details on the facility field, see RFC 5424.
Protocol
UDP
—Cortex XDR runs a validation to ensure the connection was made with the syslog server.
Verification (MSSP Only)
1) From GUI: Login on the GUI and go into the logs flow collection status to verify the device.
2) From CCE: Also, We can verify from CCE-
Login on CCE as a ADR user and run the below command to make sure logs are coming on
the server or not- sudo tcpdump -i any port 514 and host <device_ip>
Was this article helpful?
That’s Great!
Thank you for your feedback
Sorry! We couldn't be helpful
Thank you for your feedback
Feedback sent
We appreciate your effort and will try to fix the article