Documentation for Log Analyzer
Analyzing logs is a key capability of SolarWinds Observability Self-Hosted (formerly Hybrid Cloud Observability) and is available in the Essentials edition. Log Analyzer (LA) is also available in a standalone module.

Log forwarding in LA

On the LA Log Processing Configuration page, create custom rules to forward your syslog and trap messages to a dedicated server. This feature allows you to forward log data to third-party systems and other SIEM tools.

  1. On the Log Viewer toolbar, click Settings.

  2. In the Processing Policies pane, click to expand the Syslog or Traps policy group, and then click My Custom Rules.

  3. Click Create.

  4. Enter a descriptive name for the rule, and then click Next.

  5. Select your source computers.

    You can apply this rule to all sources, or specify conditions and values for one or more sources.

  6. Define your log entry rule conditions and values, and then click Next.

  7. Select Forward the Entry, and then click Configure Action.

  8. Enter the destination server IP and UDP port. For syslog forwarding, review the hostname and original address options.

    To forward secure syslogs, select TCP over TLS from the Via drop-down list, and then enter port 6514.

    Select one of the following options for the source address:

    • Use the SolarWinds Platform server's address as the source address
    • Use the original sender's address as the source address
    • Use a custom source address

  9. Select one of the following options for the HOSTNAME field:

    • Do not change the HOSTNAME field
    • Use the original sender's address for the HOSTNAME field
    • Use a custom address for the HOSTNAME field

    Select one of the following options for the ORIGINAL ADDRESS field:

    • Do not add an ORIGINAL ADDRESS field
    • Add the original sender's address for the ORIGINAL ADDRESS field
    • Add a custom address for the ORIGINAL ADDRESS field

  10. For trap forwarding, review the trap OID option.

    Select one of the following options for the trap OID address:

    • Do not add an OID with address
    • Use the original sender's address for the OID address
    • Add a custom source address for the OID address

  11. Click Done, and then click Next.

  12. Review your rule summary, and then click Save to create the rule. To edit your rule conditions and actions, click Back.
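
To confirm on the destination server that the HOSTNAME option chosen in the rule has the intended effect, you can inspect the forwarded stream. The following Python code is an added example, not SolarWinds code: it splits a received TCP/TLS byte stream into syslog messages and flags any whose HOSTNAME is not one you expect. It assumes the forwarder frames messages as described in RFC 5425/RFC 6587 (octet-counted or LF-delimited) with RFC 5424 or RFC 3164 headers; the function names, addresses, and sample messages are constructed for illustration.

```python
import re

# <PRI>1 TIMESTAMP HOSTNAME ...            (RFC 5424)
RFC5424 = re.compile(r"<(\d{1,3})>1 (\S+) (\S+) ")
# <PRI>Mmm dd hh:mm:ss HOSTNAME ...        (RFC 3164 / BSD syslog)
RFC3164 = re.compile(r"<(\d{1,3})>([A-Z][a-z]{2} [ \d]\d \d\d:\d\d:\d\d) (\S+) ")

def split_frames(buf):
    """Split a TCP/TLS byte stream into syslog messages.
    A frame that starts with a digit is octet-counted ("LEN SP MSG");
    anything else is LF-delimited. Returns (messages, unconsumed_bytes)."""
    msgs = []
    while buf:
        if buf[:1].isdigit():
            head, sep, rest = buf.partition(b" ")
            if not sep:
                break                      # length prefix not complete yet
            if not head.isdigit():
                raise ValueError("malformed frame length: %r" % head)
            n = int(head)
            if len(rest) < n:
                break                      # wait for the rest of the message
            msgs.append(rest[:n])
            buf = rest[n:]
        else:
            line, sep, rest = buf.partition(b"\n")
            if not sep:
                break                      # no terminator yet
            if line:
                msgs.append(line)
            buf = rest
    return msgs, buf

def parse_header(msg):
    """Return facility, severity and HOSTNAME, or None if the header is unrecognised."""
    text = msg.decode("utf-8", "replace")
    m = RFC5424.match(text) or RFC3164.match(text)
    if m is None:
        return None
    pri = int(m.group(1))
    return {"facility": pri >> 3, "severity": pri & 7, "hostname": m.group(3)}

def hostname_mismatches(stream, expected):
    """Messages whose HOSTNAME is not in the set the rule should produce."""
    msgs, _ = split_frames(stream)
    return [m for m in msgs
            if (parse_header(m) or {}).get("hostname") not in expected]

# Constructed sample: two octet-counted frames as a destination might receive them.
MSG_A = b"<134>1 2024-05-01T12:00:00Z 192.0.2.10 sshd 812 - - Accepted publickey for admin"
MSG_B = b"<38>May  1 12:00:01 la-forwarder.example.net sshd[812]: Failed password for root"
SAMPLE = b"".join(b"%d %s" % (len(m), m) for m in (MSG_A, MSG_B))
```

If the rule is meant to carry the original sender's address in HOSTNAME, `hostname_mismatches(SAMPLE, {"192.0.2.10"})` returns only the second constructed message, whose HOSTNAME names the forwarder instead.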