G DATA Business Solutions: SIEM Syslog Output
With the help of this guide, you can use the Telegraf service to pass G DATA Management Server security events to your SIEM system as syslog output.
This guide assumes that the inbound configuration and the G DATA Management Server configuration have already been done.
1. Open the "telegraf.conf" from this directory:

2. Adjust the following value:

    [[outputs.syslog]]
    ## URL to connect to
    ## ex: address = "tcp://127.0.0.1:8094"
    ## ex: address = "tcp4://127.0.0.1:8094"
    ## ex: address = "tcp6://127.0.0.1:8094"
    ## ex: address = "tcp6://[2001:db8::1]:8094"
    ## ex: address = "udp://127.0.0.1:8094"
    ## ex: address = "udp4://127.0.0.1:8094"
    ## ex: address = "udp6://127.0.0.1:8094"
    address = "udp://127.0.0.1:514"

   The line address = "udp://127.0.0.1:514" should be adjusted to the IP address of your SIEM system.

3. Save the change.

4. Create a new telegraf service using the customized "telegraf.conf".
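
A check that can be run on the edited file before step 4, as an added example that is not part of the G DATA guide: it reads the active address line in [[outputs.syslog]] and reports when it is malformed or still points at loopback instead of the SIEM. The function names and the sample configuration are constructed for illustration; the accepted schemes are assumed to be the ones listed in the configuration comments.

```python
import ipaddress
from urllib.parse import urlsplit

# Schemes taken from the "ex:" lines in the [[outputs.syslog]] comments.
SCHEMES = {"tcp", "tcp4", "tcp6", "udp", "udp4", "udp6"}
# Constructed sample: the section unchanged, still pointing at loopback.
SAMPLE_CONF = '''
[[outputs.syslog]]
  ## ex: address = "tcp://127.0.0.1:8094"
  address = "udp://127.0.0.1:514"
'''

def syslog_address(conf_text):
    """Return the active (uncommented) address of the first [[outputs.syslog]] table."""
    in_section = False
    for raw in conf_text.splitlines():
        line = raw.strip()
        if line.startswith("["):
            in_section = line == "[[outputs.syslog]]"
            continue
        if not in_section or line.startswith("#"):
            continue  # other plugins and the commented "## ex:" lines
        key, sep, value = line.partition("=")
        if sep and key.strip() == "address":
            return value.split("#", 1)[0].strip().strip('"')
    return None

def check_address(address):
    """Return a list of problems; an empty list means the address looks usable."""
    if address is None:
        return ["no active address line in [[outputs.syslog]]"]
    problems = []
    url = urlsplit(address)
    if url.scheme not in SCHEMES:
        problems.append(f"unexpected scheme {url.scheme!r}")
    try:
        port = url.port  # raises ValueError when non-numeric or out of range
    except ValueError:
        port = None
    if port is None:
        problems.append("missing or invalid port")
    host = url.hostname or ""
    try:
        if ipaddress.ip_address(host).is_loopback:
            problems.append("address still points at loopback, not the SIEM")
    except ValueError:  # host is a name rather than an IP literal
        if host in ("", "localhost"):
            problems.append("address has no SIEM host")
    return problems
```

Calling check_address(syslog_address(text)) on the contents of the edited file returns an empty list when the address parses and no longer targets the local machine.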