G DATA Business Solutions: SIEM Syslog Output

This guide shows how to use the Telegraf service to forward G DATA Management Server security events to your SIEM system through the syslog output.

This guide assumes that the inbound configuration and the G DATA Management Server configuration have already been done.

1. Open the "telegraf.conf" from this directory:

   C:\Program Files (x86)\G Data\G DATA AntiVirus ManagementServer\Telegraf

2. Adjust the following value:

[[outputs.syslog]]
  ## URL to connect to
  ## ex: address = "tcp://127.0.0.1:8094"
  ## ex: address = "tcp4://127.0.0.1:8094"
  ## ex: address = "tcp6://127.0.0.1:8094"
  ## ex: address = "tcp6://[2001:db8::1]:8094"
  ## ex: address = "udp://127.0.0.1:8094"
  ## ex: address = "udp4://127.0.0.1:8094"
  ## ex: address = "udp6://127.0.0.1:8094"
  address = "udp://127.0.0.1:514"

   Change the line address = "udp://127.0.0.1:514" so that it points to the IP address of your SIEM system.

3. Save the change.

4. Create a new Telegraf service using the customized "telegraf.conf".
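
To confirm after step 4 that events actually leave the Management Server, the address can be pointed temporarily at a test host running a small listener. The following is an added example, not part of the G DATA guide or of Telegraf: it parses the RFC 5424 messages that Telegraf's syslog output sends over UDP, and the sample datagram with its host, SD-ID and field names is constructed.

```python
import re
import socket

# RFC 5424 layout: <PRI>VERSION TIMESTAMP HOSTNAME APP-NAME PROCID MSGID SD MSG
HEADER = re.compile(r"<(\d{1,3})>(\d{1,2}) (\S+) (\S+) (\S+) (\S+) (\S+) (.*)", re.DOTALL)
VALUE = r'"((?:\\.|[^"\\])*)"'          # quoted PARAM-VALUE, backslash escapes allowed
SD_BLOCK = re.compile(r'(?:\[[^\]\s="]+(?: [^\s="\]]+=' + VALUE + r')*\])+')
SD_PARAM = re.compile(r'([^\s="\]]+)=' + VALUE)

# Constructed sample datagram; host, SD-ID and field names are illustrative only.
SAMPLE = (b'<13>1 2024-01-01T12:00:00Z mgmt01 Telegraf - security_event '
          b'[example@32473 client="PC-07" detail="say \\"hi\\""] constructed sample')


def parse_rfc5424(datagram: bytes) -> dict:
    """Parse one UDP syslog datagram; raise ValueError if it is not RFC 5424."""
    text = datagram.decode("utf-8", errors="replace").rstrip("\r\n")
    m = HEADER.match(text)
    if not m or int(m[1]) > 191:
        raise ValueError("not an RFC 5424 message")
    pri, _ver, timestamp, hostname, appname, _procid, msgid, rest = m.groups()
    facility, severity = divmod(int(pri), 8)
    sd = SD_BLOCK.match(rest)
    if sd:
        # Undo the \" \\ \] escapes that RFC 5424 requires inside values
        fields = {k: re.sub(r'\\(["\\\]])', r"\1", v)
                  for k, v in SD_PARAM.findall(sd.group())}
        msg = rest[sd.end():]
    elif rest.startswith("-"):
        fields, msg = {}, rest[1:]
    else:
        raise ValueError("malformed STRUCTURED-DATA")
    return {"facility": facility, "severity": severity, "timestamp": timestamp,
            "hostname": hostname, "appname": appname, "msgid": msgid,
            "fields": fields, "msg": msg.lstrip(" ")}


def listen(host: str = "0.0.0.0", port: int = 514) -> None:
    """Print every datagram received, flagging those that fail to parse."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        sock.bind((host, port))
        while True:
            data, (src, _port) = sock.recvfrom(65535)
            try:
                print(src, parse_rfc5424(data))
            except ValueError as exc:
                print(src, "REJECTED:", exc, data[:80])


if __name__ == "__main__":
    listen()
```

Run it on the test host, trigger a security event, and restore the SIEM address once parsed events appear; a REJECTED line means the sender is not emitting RFC 5424.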