Send output to syslog

Contrast allows you to send security logs to a remote syslog server in addition to the Contrast Security log. By sending logs to syslog, you no longer have to monitor Contrast logs.

Note

  • A Protect license must be applied to the server on which you would like to enable syslog output.

  • You may have to enable remote logging on your syslog server so that it can receive messages from outside hosts.
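
One way to confirm that a syslog receiver accepts messages sent over the network before you enable the option is shown below. This is an added example, not part of the Contrast documentation. It assumes UDP transport and the local4 facility, uses a loopback listener as a constructed stand-in for the remote server, and all function names are hypothetical.

```python
import logging
import logging.handlers
import re
import socket

# Severity names by numeric code, as carried in the low 3 bits of <PRI>.
SEVERITIES = ["emerg", "alert", "crit", "err", "warning", "notice", "info", "debug"]
PRI_RE = re.compile(rb"<(\d{1,3})>(.*)", re.S)


def parse_syslog(datagram: bytes) -> dict:
    """Split the <PRI> header into facility and severity; keep the rest as text."""
    m = PRI_RE.match(datagram)
    if not m or int(m.group(1)) > 191:   # 23 * 8 + 7 is the largest valid PRI
        raise ValueError("not a syslog datagram: missing or invalid <PRI>")
    pri = int(m.group(1))
    return {
        "facility": pri >> 3,            # PRI = facility * 8 + severity
        "severity": SEVERITIES[pri & 7],
        "message": m.group(2).decode("utf-8", "replace").rstrip("\x00\n"),
    }


def send_and_receive(host: str, port: int, sock: socket.socket, text: str) -> dict:
    """Send one test event to host:port and confirm the listening socket got it."""
    handler = logging.handlers.SysLogHandler(
        address=(host, port),            # UDP is the handler's default transport
        facility=logging.handlers.SysLogHandler.LOG_LOCAL4)  # assumed facility
    log = logging.getLogger("syslog-selftest")
    log.propagate = False
    log.setLevel(logging.WARNING)
    log.addHandler(handler)
    try:
        log.warning(text)
    finally:
        log.removeHandler(handler)
        handler.close()
    sock.settimeout(2.0)                 # a timeout here means nothing arrived
    data, peer = sock.recvfrom(4096)
    return {**parse_syslog(data), "peer": peer[0]}


def loopback_selftest() -> dict:
    """Constructed stand-in for the remote server: a UDP listener on loopback."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        sock.bind(("127.0.0.1", 0))      # ephemeral port for the self-test
        return send_and_receive("127.0.0.1", sock.getsockname()[1], sock,
                                "constructed test event")
```

If the same test message sent from the application server host never reaches the real syslog server, remote reception is not enabled there or a firewall is dropping the traffic.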

Default server settings

Organization settings act as the default configuration for all new servers. To set up or edit default server settings, go to user menu > Organization settings > Servers. In the configuration form, select the checkbox to Enable output of Protect events to syslog, which reveals additional fields, and then enter the appropriate settings.

For more information on creating server configurations in Organization Settings, go to Server Defaults.

Enable output to syslog

Select Servers in the header to enable and configure syslog output for an individual server or for multiple servers at one time.

Individual server:

To enable syslog on an individual server, hover over the grid row, and select the Server settings icon.

In the Server Settings window, check the box to Enable output of Protect events to syslog. If syslog defaults have been set for the server environment in Organization Settings, the values are pre-populated in the fields that appear. Once you save the settings, syslog is enabled on the server.

Multiple servers:

To enable syslog on multiple servers, use the check marks to select the servers, and select the Server Settings icon in the action bar.

Note

If one or more of the selected servers is not eligible to have syslog enabled, syslog is only enabled on the servers that are eligible.

In the Bulk Server Settings window, click the Edit link to enable the option to send Protect events to syslog. Select the checkbox to Send output of Protect events to syslog, and complete the fields that appear. Once you complete all required fields and save the settings, syslog is enabled on the selected servers.

If all selected servers are in the same environment, and syslog defaults are set for that environment in Organization Settings, the values are pre-populated in the fields that appear. If the selected eligible servers are in different environments, you can choose to use the default settings for the applicable servers or manually configure the settings for all servers.

Enabled servers

When syslog is enabled, the server has a gray arrow icon beside its name in the grid. Hover over the icon to see the output location of Protect events.

To edit server settings, repeat the steps above to update the values in the appropriate configuration form, and save your changes.