Use the Syslog Settings screen to configure Apex Central to forward supported logs to a syslog server.
Note:
- If you migrated to Apex Central from a previous Control Manager installation, Apex Central automatically imports your previous syslog forwarding settings configured using the LogForwarder tool (<Control Manager installation directory>\LogForwarder.exe).
- After migrating to Apex Central, you will no longer be able to execute the LogForwarder tool.
Configuring Apex One Logging
- Go to . The Syslog Settings screen should then appear.
- Select the Enable syslog forwarding check box.
- Configure the following settings for the server that receives the forwarded syslogs:
- Server address: Blumira Sensor IP
- Port: Syslog server port number; 514 should be used
- Protocol: Select the transmission protocol; TCP should be used
If SSL/TLS is selected, Apex Central accepts valid self-signed certificates by default.
- If the server certificate contains a Subject Alternative Name, the Subject Alternative Name must contain the server FQDN or IP address.
- For additional security, use a valid server certificate or upload the server certificate to Apex Central.
- (Optional unless SSL/TLS is used for syslog) To upload a server certificate if needed:
- Select the Use server certificate check box.
- Click Select to select the server certificate from your computer.
- Click Open – Apex Central uploads the selected server certificate.
Note:
- (Optional unless a proxy server is required) To use a proxy server for syslog forwarding, select the Use a SOCKS proxy server check box.
Apex Central uses the proxy server configured on the Proxy Settings screen () for syslog forwarding.
- Select the log format; you’ll want to use CEF. Below are the options you’ll likely see.
For more information, see Supported Log Types and Formats.
- Configure the frequency for when Apex Central forwards the logs. This should be every few minutes at the most to ensure best detection.
- Select the log type(s) to forward:
- Select all log categories from the Log type drop-down list:
You can select log types from multiple log categories.
- Security logs
- Product information
- Select the check box(es) for the log(s) you want to forward.
Apex Central displays the total number of selected log types next to the Log type drop-down list.
- Select another log category from the Log type drop-down list to select additional log types to forward, to ensure full coverage.
- (Optional) Click Test Connection to test the server connection. This does not save the syslog settings but, when using TCP or SSL/TLS, should give you an idea of the configuration status. When using UDP you will not get a successful connection due to the nature of UDP; however, you can request that Blumira Support validate that data is landing.
The syslog server connection status appears at the top of the screen.
- Click Save.
Apex Central starts forwarding logs to the configured syslog server.
To monitor the log forwarding status, go to and select Forward Syslog from the Command drop-down list.
For more information, see Querying and Viewing Commands.
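To confirm on the receiving side that forwarded events arrive as well-formed CEF (the format selected above), the following is an added example, not code from this page, Trend Micro or Blumira. It parses one received syslog line into its CEF header fields and extension keys and rejects a truncated header; the function names and the sample line are constructed for illustration.

```python
import re

# Syslog framing varies by relay, so locate the CEF header instead of assuming offset 0.
_CEF_START = re.compile(r"CEF:(\d+)\|")
# One header field: escaped pairs or ordinary characters, ended by an unescaped pipe.
_HEADER_FIELD = re.compile(r"((?:\\.|[^|\\])*)\|")
# Extension keys start the string or follow whitespace and are followed directly by "=".
_EXT_KEY = re.compile(r"(?:^|\s)([A-Za-z0-9_.\-]+)=")
_UNESCAPE = re.compile(r"\\([\\=nr])")
HEADER_FIELDS = ("vendor", "product", "device_version", "event_class_id", "name", "severity")

def _split_header(text, count):
    """Return `count` unescaped header fields and the remaining extension text."""
    fields, pos = [], 0
    for _ in range(count):
        m = _HEADER_FIELD.match(text, pos)
        if not m:
            raise ValueError("truncated CEF header")
        fields.append(re.sub(r"\\([\\|])", r"\1", m.group(1)))
        pos = m.end()
    return fields, text[pos:]

def _parse_extension(ext):
    """Split key=value pairs; a value runs until the next key and may contain spaces."""
    matches = list(_EXT_KEY.finditer(ext))
    out = {}
    for m, nxt in zip(matches, matches[1:] + [None]):
        raw = ext[m.end(): nxt.start() if nxt else len(ext)].strip()
        out[m.group(1)] = _UNESCAPE.sub(
            lambda e: {"n": "\n", "r": "\r"}.get(e.group(1), e.group(1)), raw)
    return out

def parse_cef(line):
    """Parse one syslog line carrying a CEF event into a dict."""
    m = _CEF_START.search(line)
    if not m:
        raise ValueError("no CEF header found")
    fields, ext = _split_header(line[m.end():], len(HEADER_FIELDS))
    event = dict(zip(HEADER_FIELDS, fields))
    event["cef_version"] = int(m.group(1))
    event["extension"] = _parse_extension(ext)
    return event

# Constructed sample line; vendor, product and field values are placeholders,
# not real Apex Central output.
SAMPLE = (r"<134>Jan 01 00:00:00 host1 CEF:0|ExampleVendor|Example\|Product|1.0|100|"
          r"Sample detection|3|src=192.0.2.10 fname=a\=b.exe msg=Blocked file in C:\\Temp")
```

A `ValueError` on lines captured from the receiver points to truncation or a non-CEF format selection rather than a connectivity problem.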