Product Requirements
- RevealX Enterprise and ExtraHop Performance systems
Configure a syslog target for an open data stream
You can export data on an ExtraHop system to any system that receives syslog input (such as Splunk, ArcSight, or Q1 Labs) for long-term archiving and comparison with other sources.
- Log in to the Administration settings on the ExtraHop system through https://<extrahop-hostname-or-IP-address>/admin. Repeat these steps on each sensor in your environment.
- In the System Configuration section, click Open Data Streams.
- Click Add Target.
- From the Target Type drop-down list, select Syslog.
- In the Name field, type a name to identify the target.
- In the Host field, type the hostname or IP address of the remote Syslog server.
- In the Port field, type the port number of the remote Syslog server.
- From the Protocol drop-down list, select one of the following protocols over which to transmit data:
  - TCP
  - UDP
  - TLS
- (Optional): Select Local Time to send syslog information with timestamps in the local time zone of the ExtraHop system. If this option is not selected, timestamps are sent in GMT.
- (Optional): Select Length-prefix framing to prepend the number of bytes in a message to the beginning of each message. If this option is not selected, the end of each message is delimited by a trailing newline.
- (Optional): In the Batch min bytes field, type the minimum number of bytes to send to the Syslog server at a time.
- (Optional): In the Concurrent connections field, type the number of concurrent connections to send messages over.
- (Optional): If you selected the TLS protocol, specify certificate options.
  - If the Syslog server requires client authentication, in the Client certificate field, specify a TLS client certificate to send to the server.
  - If you specified a client certificate, in the Client key field, specify the private key of the certificate.
  - If you do not want to verify the certificate of the Syslog server, select Skip server certificate verification.
  - If you want to verify the certificate of the Syslog server, but the certificate has not been signed by a valid Certificate Authority (CA), in the CA certificates (optional) field, specify trusted certificates, in PEM format, with which to verify the server certificate. If this option is not specified, the server certificate is validated with the built-in list of valid CA certificates.
- (Optional): Click Test to establish a connection between the ExtraHop system and the remote Syslog server and send a test message to the server. The dialog box displays a message that indicates whether the connection succeeded or failed. If the test fails, edit the target configuration and test the connection again.
- Click Save.
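
The Length-prefix framing option changes how a receiver has to split the TCP or TLS byte stream into messages. The following decoder is an added example, not ExtraHop code; it assumes the length prefix follows RFC 6587 octet counting (an ASCII decimal byte count, a space, then the message), which this page does not specify, and the names SyslogDeframer and MAX_MSG are hypothetical.

```python
# Added example: receiver-side decoder for the two framing modes of a syslog stream.
# Assumption: length-prefix framing uses RFC 6587 octet counting ("<len> <msg>").
MAX_MSG = 64 * 1024  # constructed limit; rejects absurd length prefixes


class SyslogDeframer:
    def __init__(self, length_prefixed):
        self.length_prefixed = length_prefixed
        self.buf = bytearray()

    def feed(self, chunk):
        """Append bytes read from the socket and return every complete message."""
        self.buf += chunk
        out = []
        while True:
            msg = self._next_prefixed() if self.length_prefixed else self._next_line()
            if msg is None:
                return out
            out.append(msg)

    def _next_line(self):
        # Newline framing: a message ends at the trailing newline.
        end = self.buf.find(b"\n")
        if end < 0:
            if len(self.buf) > MAX_MSG:
                raise ValueError("unterminated message exceeds limit")
            return None
        msg = bytes(self.buf[:end])
        del self.buf[:end + 1]
        return msg

    def _next_prefixed(self):
        # Length-prefix framing: ASCII decimal byte count, one space, then the message.
        sp = self.buf.find(b" ")
        if sp < 0:
            if len(self.buf) > 10:
                raise ValueError("missing length prefix")
            return None
        digits = bytes(self.buf[:sp])
        if not digits.isdigit() or int(digits) > MAX_MSG:
            raise ValueError("bad length prefix: %r" % digits)
        n = int(digits)
        if len(self.buf) < sp + 1 + n:
            return None  # body not fully received yet
        msg = bytes(self.buf[sp + 1:sp + 1 + n])
        del self.buf[:sp + 1 + n]
        return msg
```

A message that contains an embedded newline arrives intact with length-prefix framing but is split in two under newline framing, so the receiver must be set to the same mode as the target.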
Next steps
Create a trigger that specifies what syslog message data to send and initiates the transmission of data to the target. For more information, see the Remote.Syslog class in the ExtraHop Trigger API Reference.