AlienVault® USM Anywhere™

Linux Log Collection with Syslog

Syslog is required to send log data from Linux systems to the USM Anywhere Sensor IP address over UDP on port 514, over TCP on port 601, or as TLS-encrypted data over TCP on port 6514.

Using Syslog to Send Logs from a Linux System

Syslog is an industry standard message logging protocol that is used on many devices and platforms. It provides a mechanism for network devices to send event messages to a logging server, also known as a syslog server. For example, a router might send messages about users logging on to console sessions, while a web server might log access-denied events. In this case, a USM Anywhere Sensor acts as the syslog server. USM Anywhere listens for syslog over UDP on port 514, over TCP on port 601, and for Transport Layer Security (TLS)-encrypted data over TCP on port 6514.
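The three listeners differ in how a message is delimited on the wire as well as in port number. The following sketch is an added example, not part of the USM Anywhere documentation: it builds one RFC 5424 test message and frames it for each transport, which is useful for confirming that a sensor port is reachable before configuring the system logger. The function names, the newline framing for TCP (RFC 6587), the octet-counting framing for TLS (RFC 5425), and the `ca_file` trust anchor are assumptions, not statements from this page.

```python
import socket
import ssl
from datetime import datetime, timezone

# Transport -> sensor port, as listed on this page.
SENSOR_PORTS = {"udp": 514, "tcp": 601, "tls": 6514}

def build_message(hostname, app, text, facility=1, severity=5, now=None):
    """Return one RFC 5424 message; PRI = facility * 8 + severity."""
    now = now or datetime.now(timezone.utc)
    ts = now.strftime("%Y-%m-%dT%H:%M:%SZ")  # 'now' is expected to be UTC
    # PROCID, MSGID and STRUCTURED-DATA are left as the nil value "-".
    return f"<{facility * 8 + severity}>1 {ts} {hostname} {app} - - - {text}".encode()

def frame(msg, transport):
    """Delimit a message the way each transport expects (assumed framing)."""
    if transport == "udp":
        return msg                                   # one message per datagram
    if transport == "tcp":
        return msg + b"\n"                           # newline-delimited stream
    if transport == "tls":
        return str(len(msg)).encode() + b" " + msg   # "<length> <message>"
    raise ValueError(f"unknown transport: {transport}")

def send_test(sensor_ip, transport, msg, ca_file=None, timeout=5):
    """Send one framed message to the sensor; returns the port used."""
    port = SENSOR_PORTS[transport]
    data = frame(msg, transport)
    if transport == "udp":
        # UDP gives no delivery confirmation; check arrival on the sensor side.
        with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
            s.sendto(data, (sensor_ip, port))
        return port
    with socket.create_connection((sensor_ip, port), timeout=timeout) as raw:
        if transport == "tls":
            # Certificate and name checks stay on: the sensor certificate must
            # chain to ca_file (or the system store) and match sensor_ip.
            ctx = ssl.create_default_context(cafile=ca_file)
            with ctx.wrap_socket(raw, server_hostname=sensor_ip) as tls:
                tls.sendall(data)
        else:
            raw.sendall(data)
    return port
```

A refused or timed-out TCP or TLS connection raises an exception, which points to a firewall or listener problem rather than a logger misconfiguration.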

Follow the procedure that corresponds to the Linux distribution you use.