HyperSec HyperCollector 2
  • HyperCollector 2 Setup
    • Hardware Requirements
    • Manual Installation
    • Virtual Machine
    • Physical Machine
  • Configuration
    • Preparation
    • Console Interface
      • System Options
        • Org ID
        • Site ID
        • Hostname
      • Interface Options
        • Management Interface
        • Event Interface
      • Advanced Options
        • DNS Settings
        • NTP Settings
      • About
    • Web Interface
      • Login
      • Dashboard
      • Settings
        • Sources
          • NXLog
          • Beats
          • HyperSec
          • Syslog
          • Netflow
        • Sinks
          • HTTP
          • Kafka
          • AWS S3
          • Vector
          • Splunk HEC Logs
        • System
          • Network Settings
          • System Settings
          • Advanced Settings
          • VPN Client Settings
      • Event Monitor
      • Certificates
      • Backup and Restore
      • Logout
    • MFA
      • Secure Shell
      • Web UI
  • Management
    • Accounts
    • Updates
    • Backup
    • Restore
  • Reference
    • API
    • Custom VRL Scripts
    • Sink Batch Settings
    • HyperCollector Configuration CLI
Powered by GitBook
On this page
  • Create a Syslog Listener
  • Edit Syslog Listener
  • Delete Syslog Listener
  1. Configuration
  2. Web Interface
  3. Settings
  4. Sources

Syslog

HyperSec HyperCollector Settings -> Sources -> Syslog

PreviousHyperSecNextNetflow

Last updated 3 months ago

The Syslog source settings page enables custom tagging of syslog traffic on custom ports.

Each defined syslog listener specifies:

  • port - an unused port which will listen for incoming events on the event interface

  • label - which is tagged to each event which is used for routing events in HyperSec XDR or an external SIEM..

  • protocol - protocol to accept, either UDP, TCP, TLS or both UDP and TCP or UDP and TLS. TLS and TCP are mutually exclusive, as TLS is TCP with encryption.

Create a Syslog Listener

To create a syslog listener, select the Create new Port Listener button.

Specify an unused port, a label which will tag each event, and the protocols to accept.

Click OK to create the new listener.

TLS Requirements

TLS Syslog connections require certificates to be uploaded through the Certificate Manager and configured through Advanced Settings to be active.

    1. syslog.tls.cert: The full filename of the Certificate uploaded, e.g. collector-syslog.crt.

    2. syslog.tls.ca_cert: The full filename of a Certificate Authority uploaded, e.g.: my-organization.crt.

    3. syslog.tls.privkey: The full filename of a Private Key uploaded, e.g.: collector-syslog-privkey.pem

    The syslog.tls.cert as a minimum must be configured for TLS connections to be available through syslog.

Edit Syslog Listener

To edit an existing syslog listener, select Edit next to the entry to modify. The Port cannot be modified, to change ports the listener must be deleted and then re-created.

Update the Label and/or the Protocols and select OK to update.

Delete Syslog Listener

To delete a syslog listener, select Delete next to the entry to remove and select OK.

Upload the Collector's Certificate, optionally a Certificate Authority and a Private Key through .

Configure the following Advanced Settings through

Web Interface -> Certificates
Web Interface -> System -> Advanced Settings.