Syslog is a message-logging standard supported by most devices and operating systems (OSes). USM Anywhere can collect syslog data from devices in your environment and produce corresponding security events and alarms. You can forward syslog data from specific device types to the USM Anywhere Sensor IP address and port.

Note: See The Syslog Server Sensor App, Data Sources and Log Processing, and Enable Connections in an AWS VPC for more information.

To open the Log Collection page

1. Go to Settings > System.
2. In the left navigation panel, click Log Collection > Syslog Configuration.

3. If you have more than one USM Anywhere Sensor deployed, use the drop-down menu to select the sensor that you want to configure log collection.

   

   Note: If the sensor is receiving syslog messages from your network, you will see IP addresses listed under Device Sending Data. For performance reasons, this list only includes devices sending logs in the last 15 minutes. The list refreshes every 30 seconds. After the sensor is updated or the syslog-ng server used by the sensor restarts, the list is reset.

4. Click How do I configure my device? to see the instructions for your operating system:
• Windows: This is a link to the Collecting Windows System Logs page.
• Linux: This is a link to the Collecting Linux System Logs page.