You can export data on an ExtraHop Discover appliance to any system that receives
syslog input (such as Splunk, ArcSight, or Q1 Labs) for long-term archiving and comparison
with other sources.
- Log in to the Administration page on the ExtraHop system through https://<extrahop-hostname-or-IP-address>/admin.
- In the System Configuration section, click Open Data Streams.
- Click Add Target.
- From the Target Type drop-down menu, select Syslog.
- In the Name field, type a name to identify the target.
- In the Host field, type the hostname or IP address of the remote syslog server.
- In the Port field, type the port number of the remote syslog server.
- From the Protocol drop-down menu, select one of the following protocols over which to transmit data:
- Select Local Time to send syslog information with timestamps in the local time zone of the Discover appliance. If this option is not selected, timestamps are sent in GMT.
- (Optional) Click Test to establish a connection between the Discover appliance and the remote syslog server and send a test message to the server.
  The dialog box displays a message that indicates whether the connection succeeded or failed. If the test fails, edit the target configuration and test the connection again.
- Click Save.
Next steps
Create a trigger that specifies what syslog message data to send and initiates the
transmission of data to the target. For more information, see the
Remote.Syslog class in the
ExtraHop Trigger API Reference.
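
A sketch of such a trigger, added here as an example and not taken from ExtraHop's documentation: it builds one key="value" line per HTTP response and strips control characters so that a value taken from network traffic cannot start a second, forged syslog record on the receiving server. Assumptions: the target name `siem-syslog` is constructed, the trigger is assigned to the HTTP response event, and the `Remote.Syslog(name).info()` call form and the `HTTP` and `Flow` properties should be checked against the Trigger API Reference; `sanitize` and `buildSyslogLine` are hypothetical helpers.

```javascript
// Added example, not ExtraHop code. TARGET_NAME is a constructed value:
// use the name typed in the Name field of the syslog target.
var TARGET_NAME = "siem-syslog";
var MAX_VALUE_LEN = 256; // assumed cap per value to keep lines short

// Make one value safe to embed in a quoted key="value" pair.
function sanitize(value) {
    return String(value)
        .slice(0, MAX_VALUE_LEN)
        // CR, LF and other control characters become spaces, so a crafted
        // URI cannot inject a line break followed by a fake record.
        .replace(/[\x00-\x1f\x7f]/g, " ")
        // Escape backslashes first, then quotes, so the receiver can
        // still parse the quoted value unambiguously.
        .replace(/\\/g, "\\\\")
        .replace(/"/g, '\\"');
}

// Turn an object of fields into a single-line key="value" message.
// Fields that are null or undefined are skipped.
function buildSyslogLine(fields) {
    var parts = [];
    for (var key in fields) {
        if (!Object.prototype.hasOwnProperty.call(fields, key)) continue;
        if (fields[key] === null || fields[key] === undefined) continue;
        parts.push(key + '="' + sanitize(fields[key]) + '"');
    }
    return parts.join(" ");
}

// This part runs only inside the trigger runtime, where Remote, HTTP and
// Flow are globals (assumed names, see the lead-in). Elsewhere it is skipped.
if (typeof Remote !== "undefined" && typeof HTTP !== "undefined") {
    Remote.Syslog(TARGET_NAME).info(buildSyslogLine({
        eh_event: "http",
        client: Flow.client.ipaddr,
        method: HTTP.method,
        uri: HTTP.uri,
        status: HTTP.statusCode
    }));
}
```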