You can export data on an ExtraHop Discover appliance to any system that receives syslog input (such as Splunk, ArcSight, or Q1 Labs) for long-term archiving and comparison with other sources.
- Log into the Admin UI on the ExtraHop Discover appliance.
- In the System Configuration section, click Open Data Streams.
- Click Add Target.
- From the Target Type drop-down menu, select Syslog.
- In the Name field, type a name to identify the target.
- In the Host field, type the hostname or IP address of the remote syslog server.
- In the Port field, type the port number of the remote syslog server.
From the Protocol drop-down menu, select one of the
following protocols over which to transmit data:
- Select Local Time to send syslog information with timestamps in the local time zone of the Discover appliance. If this option is not selected, timestamps are sent in GMT.
Click Test to establish a connection between the
Discover appliance and the remote syslog server and send a test message to the
The dialog box displays a message that indicates whether the connection succeeded or failed. If the test fails, edit the target configuration and test the connection again.
- Click Save.