G DATA Business Solutions: SIEM Syslog Output
This guide describes how to use the Telegraf service to pass G DATA Management Server security events to your SIEM system through the syslog output.
This guide assumes that the inbound configuration and the G DATA Management Server configuration have already been completed.
1. Open the "telegraf.conf" from this directory: C:\Program Files (x86)\G Data\G DATA AntiVirus ManagementServer\Telegraf
2. Adjust the following value:

       [[outputs.syslog]]
         ## URL to connect to
         ## ex: address = "tcp://127.0.0.1:8094"
         ## ex: address = "tcp4://127.0.0.1:8094"
         ## ex: address = "tcp6://127.0.0.1:8094"
         ## ex: address = "tcp6://[2001:db8::1]:8094"
         ## ex: address = "udp://127.0.0.1:8094"
         ## ex: address = "udp4://127.0.0.1:8094"
         ## ex: address = "udp6://127.0.0.1:8094"
         address = "udp://127.0.0.1:514"

   The line address = "udp://127.0.0.1:514" should be adjusted to the IP address of your SIEM system.
3. Save the change.
4. Create a new Telegraf service using the customized "telegraf.conf".
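
A pre-flight check for the edit in step 2, to run before the service is created in step 4. This is an added example, not part of G DATA's guide: it reads the active address of [[outputs.syslog]], skips the commented "## ex:" lines, and reports an address that still points at loopback. The function names and the sample text are constructed for illustration.

```python
import ipaddress
import re
from urllib.parse import urlsplit

# Constructed sample: the snippet from step 2, still at its shipped value.
SAMPLE_CONF = """\
[[outputs.syslog]]
  ## ex: address = "tcp://127.0.0.1:8094"
  address = "udp://127.0.0.1:514"
"""
SCHEMES = {"tcp", "tcp4", "tcp6", "udp", "udp4", "udp6"}  # from the page's examples

def syslog_addresses(conf_text):
    """Return the active (uncommented) address values of [[outputs.syslog]]."""
    found, in_syslog = [], False
    for raw in conf_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue  # the '## ex:' lines are comments, not settings
        if line.startswith("["):
            in_syslog = line.split("#", 1)[0].strip() == "[[outputs.syslog]]"
            continue
        match = re.match(r'address\s*=\s*"([^"]*)"', line)
        if in_syslog and match:
            found.append(match.group(1))
    return found

def check_address(address):
    """Return findings for one address; an empty list means none."""
    try:
        url = urlsplit(address)
        host, port = url.hostname or "", url.port
    except ValueError:
        return ["address is not a valid URL"]
    if url.scheme not in SCHEMES:
        return [f"unexpected scheme {url.scheme!r}"]
    findings = []
    if port is None:
        findings.append("no port given")
    try:
        loopback = ipaddress.ip_address(host).is_loopback
    except ValueError:
        loopback = host in ("", "localhost")  # host name, not an IP literal
    if loopback:
        findings.append("host is missing or loopback, not the SIEM")
    if url.scheme.startswith("udp"):
        findings.append("UDP transport: lost events are not detected")
    return findings

print({a: check_address(a) for a in syslog_addresses(SAMPLE_CONF)})
```

To check the real file, pass its text to syslog_addresses() instead of SAMPLE_CONF.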