Documentation for Threat Monitor

Configure syslog-based log sources and add corresponding plugins to a collector

Most network equipment in your environment, like routers and switches, can send syslog messages. These messages typically include general information about a device, such as the IP address, timestamp, and the actual log message.

Plugins provide a way to add a variety of log formats to the Threat Monitor environment. They define how to collect log data from third-party devices, and then translate the data into events that are processed in your environment.

Key log sources to monitor include Active Directory, DHCP, email, firewalls, intrusion detection systems, and malware.

This section provides configuration instructions for several different plugin types, but is not all-inclusive. If your plugin is not listed, please refer to your vendor documentation.

Learn how to configure syslog-based log sources here, and plugins here.