Log Settings Tab

TippingPoint Advanced Threat Protection Analyzer maintains system logs that provide summaries of system events, including component updates and appliance restarts. Use the Log Settings tab, in Administration → Integrated Products/Services → Log Settings, to configure TippingPoint Advanced Threat Protection Analyzer to send logs to a syslog server.

Configuring Syslog Settings

TippingPoint Advanced Threat Protection Analyzer can forward logs to a syslog server after saving the logs to its database. Only logs saved after enabling this setting are forwarded. Previous logs are excluded.

Procedure

Go to Administration → Integrated Products/Services → Log Settings.

The Log Settings screen appears.
Select Send logs to a syslog server.
Type the host name, IPv4 address, or IPv6 address of the syslog server.

Type the port number.

Note

Trend Micro recommends using the following default syslog ports:

UDP: 514
TCP: 601
SSL: 443

Select the protocol to transport log content to the syslog server.
- UDP
- TCP
- SSL
Select the format in which event logs are sent to the syslog server.
- CEF: Common Event Format (CEF) is an open log management standard developed by HP ArcSight. CEF comprises a standard prefix and a variable extension that is formatted as key-value pairs.
- LEEF: Log Event Extended Format (LEEF) is a customized event format for IBM Security QRadar. LEEF comprises an LEEF header, event attributes, and an optional syslog header.
- Trend Micro Event Format (TMEF): Trend Micro Event Format (TMEF) is a customized event format developed byTrend Micro and is used by Trend Micro products for reporting event information.
Select the scope of logs to send to the syslog server:
- Virtual Analyzer analysis logs
- Product detection logs
(Optional) Select the logs to exclude from sending to the syslog server.
Click Save.

$('#title').html($('meta[name=description]').attr('content'));

Log Settings Tab

Configuring Syslog Settings

Procedure

Note