Log forwarding

On the LA Log Processing Configuration page, create custom rules to forward your syslog and trap messages to a dedicated server. This feature allows you to forward log data to third-party systems and other SIEM tools.

1. On the Log Viewer toolbar, click Configure Rules.

   

2. In the Processing Policies pane, click to expand the Syslog or Traps policy group, and then click My Custom Rules.

3. Click Create New Rule.

   

4. Enter a descriptive name for the rule, and then click Next.

   

5. Select your source computers.

   You can choose to trigger this alert from all sources, or specify conditions and values for one or more sources.

   

6. Define your log entry rule conditions and values, and then click Next.

7. Select Forward the Entry, and then click Configure Action.

   

8. Enter the destination server IP and UDP port.

   

   To forward secure syslogs, select TCP over TLS from the Via drop-down list, and then enter port 6514.

   Select one of the following options for the source address:

   • Use the Orion server's address as the source address
   • Use the original sender's address as the source address
   • Use a custom source address

9. Click Done, and then click Next.

10. Review your rule summary, and then click Save to create the rule. To edit your rule conditions and actions, click Back.