Send Security Event Syslog Messages from Classic Devices

Before you begin

  • Configure policies to generate security events.

  • Ensure that your devices can reach the syslog server(s).

  • Confirm that the syslog server(s) can accept remote messages.

  • For important information about connection logging, see the chapter on Connection Logging.

Procedure


Step 1

Configure an alert response for your Classic devices:

Step 2

Configure syslog settings in the access control policy:

  1. Click Policies > Access Control.

  2. Edit the applicable access control policy.

  3. Click Logging.

  4. Select Send using specific syslog alert.

  5. Select the Syslog Alert you created above.

  6. Click Save.

Step 3

If you will send file and malware events:

  1. Select Send Syslog messages for File and Malware events.

  2. Click Save.

Step 4

If you will send intrusion events:

  1. Navigate to the intrusion policy associated with your access control policy.

  2. In your intrusion policy, click Advanced Settings > Syslog Alerting > Enabled.

  3. If necessary, click Edit.

  4. Enter options:

    | Option | Value |
    |---|---|
    | Logging Host | Leave this blank to use the settings you configured above, unless you will send intrusion event syslog messages to a different syslog server than your other syslog messages. |
    | Facility | This setting is applicable only if you specify a Logging Host on this page. See Syslog Alert Facilities. |
    | Severity | This setting is applicable only if you specify a Logging Host on this page. See Syslog Severity Levels. |

  5. Click Back.

  6. Click Policy Information in the left navigation pane.

  7. Click Commit Changes.
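
To check on the syslog server that remote messages arrive and carry the Facility and Severity you configured, the following added example (not part of the original procedure or of the product) listens for one datagram and decodes its `<PRI>` header. It assumes UDP transport and the standard RFC 5424 encoding PRI = facility * 8 + severity; the function names, port and sample message are constructed for illustration.

```python
import re
import socket

# Numeric facility and severity codes from RFC 5424; list index == code.
# Labels for codes 12-15 differ between syslog daemons and are illustrative.
FACILITIES = ["kern", "user", "mail", "daemon", "auth", "syslog", "lpr", "news",
              "uucp", "cron", "authpriv", "ftp", "ntp", "audit", "alert", "clock",
              "local0", "local1", "local2", "local3",
              "local4", "local5", "local6", "local7"]
SEVERITIES = ["emerg", "alert", "crit", "err",
              "warning", "notice", "info", "debug"]
PRI_RE = re.compile(rb"^<(\d{1,3})>")

def encode_pri(facility, severity):
    """PRI value a sender puts between '<' and '>'."""
    return FACILITIES.index(facility) * 8 + SEVERITIES.index(severity)

def decode_pri(datagram):
    """Return (facility, severity) from a raw datagram, or None if the
    header is missing or out of range (valid PRI is 0..191)."""
    m = PRI_RE.match(datagram)
    if not m:
        return None
    pri = int(m.group(1))
    if pri > 191:
        return None
    return FACILITIES[pri >> 3], SEVERITIES[pri & 7]

def receive_one(sock, timeout=2.0):
    """Wait for one datagram; return (sender_ip, decoded_pri, raw) or None."""
    sock.settimeout(timeout)
    try:
        data, peer = sock.recvfrom(8192)
    except socket.timeout:
        return None
    return peer[0], decode_pri(data), data

def loopback_check():
    """Round trip on 127.0.0.1 with a constructed message (not a device event)."""
    rx = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    rx.bind(("127.0.0.1", 0))  # on the real server: bind the syslog port instead
    tx = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    tx.sendto(b"<%d>constructed test message" % encode_pri("local4", "alert"),
              rx.getsockname())
    result = receive_one(rx)
    tx.close()
    rx.close()
    return result

if __name__ == "__main__":
    print(loopback_check())
```

If `receive_one` returns `None` while a device is generating events, the messages are not reaching the server; if the decoded pair differs from your settings, check which Logging Host, Facility and Severity values are in effect.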


What to do next