On the LA Log Processing Configuration page, create custom rules to forward your syslog and trap messages to a dedicated server. This feature allows you to forward log data to third-party systems and other SIEM tools.
- On the Log Viewer toolbar, click Configure Rules.
- In the Processing Policies pane, click to expand the Syslog or Traps policy group, and then click My Custom Rules.
- Click Create New Rule.
- Enter a descriptive name for the rule, and then click Next.
- Select your source computers.
  You can choose to trigger this alert from all sources, or specify conditions and values for one or more sources.
- Define your log entry rule conditions and values, and then click Next.
- Select Forward the Entry, and then click Configure Action.
- Enter the destination server IP and UDP port.
  To forward secure syslogs, select TCP over TLS from the Via drop-down list, and then enter port 6514.
- Select one of the following options for the source address:
  - Use the Orion server's address as the source address
  - Use the original sender's address as the source address
  - Use a custom source address
- Click Done, and then click Next.
- Review your rule summary, and then click Save to create the rule. To edit your rule conditions and actions, click Back.
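
To confirm on the destination server that a UDP forwarding rule delivers messages, and which source-address option is in effect, a small receiver can parse each datagram and compare the packet's source IP with the addresses you expect. This is an added example, not SolarWinds code; the function names, port 5514, and the 192.0.2.x addresses are hypothetical placeholders.

```python
import socket

# Syslog severity names, indexed by the low three bits of PRI.
SEVERITIES = ("emerg", "alert", "crit", "err", "warning", "notice", "info", "debug")

def parse_pri(datagram: bytes):
    """Split a syslog datagram into (facility, severity, remainder)."""
    end = datagram.find(b">")
    if not datagram.startswith(b"<") or not 2 <= end <= 4 or not datagram[1:end].isdigit():
        raise ValueError("missing or malformed <PRI> header")
    pri = int(datagram[1:end])
    if pri > 191:  # facility 23 * 8 + severity 7 is the largest valid value
        raise ValueError("PRI out of range")
    return pri >> 3, SEVERITIES[pri & 7], datagram[end + 1:].decode("utf-8", "replace")

def source_mode(peer_ip, orion_ip, custom_ip=None, known_senders=()):
    """Name the rule's source-address option that matches the packet's source IP."""
    if peer_ip == orion_ip:
        return "orion-server"
    if custom_ip is not None and peer_ip == custom_ip:
        return "custom"
    if peer_ip in known_senders:
        return "original-sender"
    return "unexpected"  # not an address this rule should produce

def handle(datagram, peer_ip, **expected):
    """Describe one received datagram; `expected` is passed to source_mode()."""
    facility, severity, message = parse_pri(datagram)
    return {"peer": peer_ip, "mode": source_mode(peer_ip, **expected),
            "facility": facility, "severity": severity, "message": message}

def listen(bind_ip, port, **expected):
    """Print every syslog datagram that reaches bind_ip:port (Ctrl+C to stop)."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        sock.bind((bind_ip, port))
        while True:
            data, (peer_ip, _) = sock.recvfrom(65535)
            try:
                print(handle(data, peer_ip, **expected))
            except ValueError as err:
                print(f"{peer_ip}: rejected ({err})")

if __name__ == "__main__":
    # Constructed sample; 192.0.2.0/24 addresses are documentation placeholders.
    sample = b"<134>Oct 11 22:14:15 sw01 %LINK-3-UPDOWN: Interface Gi0/1, changed state to up"
    print(handle(sample, "192.0.2.10", orion_ip="192.0.2.10"))
    # On the destination server: listen("0.0.0.0", 5514, orion_ip="192.0.2.10")
```

A result of `unexpected` means the datagram came from an address that matches none of the three source-address options as you configured them.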