Document toolboxDocument toolbox

Setting up Syslog

Owned by Sri Raghu
Last updated: Sept 06, 2024
1 min read

You can configure Data Connector to use Syslog as a destination for transferring data from a source. First, do the following to ensure that forwarding of data to a Syslog destination is secure:

  1. Configure Syslog for secure TCP communications via TLS. This is mandatory for encrypted communications.
  2. Configure server certificates to allow Data Connector to forward DNS queries and responses to the configured Syslog. The server certificates must be self-signed or signed by CA authorities, which you can retrieve from your Syslog tools. For more information, refer to the respective Syslog tool’s documentation.

To add a generic Syslog as a destination, do the following:

  1. Log in to the Infoblox Portal.
  2. Click ConfigureIntegrations Data Connector.
  3. On the Destination Configuration tab, from the Create drop-down list, choose Syslog.
  4. Do the following in the Create Syslog Destination Configuration wizard: 
    • Name: Provide a name that does not exceed 256 characters and that will distinguish this destination from others. 
    • Description: Provide a description that does not exceed 256 characters.
    • State: Use the slider to enable or disable the destination’s configuration, which will be disabled by default. If it is disabled, you will not be able to select this destination when you create a traffic flow.

    • Tags: Click Add and specify the following to associate a key with the destination:

      • KEY: Enter a meaningful name for the key, such as a location or department.  

      • VALUE: Enter a value for the key. For details, see Managing Tags.

    • Format: Choose CEF or LEEF, both of which are fully compliant with RFC 5424. The headers (PRI, VERSION, TIMESTAMP, HOSTNAME, APP-NAME, PROCID, MSGID, and STRUCTURED-DATA) are added, and the date/time format is also updated.
    • In the SYSLOG DETAILS section, do the following:
      • TCP: This protocol is selected by default and is the insecure TCP mode for data transmission.
      • TLS: Select this protocol to use the secure TCP mode for data transmission. In the SYSLOG CA CERTIFICATE section, click Select file to upload the CA certificate from the Syslog tool.
      • UDP: Select this to use UDP for data transmission.
      • FQDN/IP: Enter the FQDN or the IP address of the Syslog tool to which you want the Data Connector to send data.
      • Port: Enter the number between 1 and 65536. This is the number of the port that will be used to reach the Syslog tool.
      • Protocol: Select one of the following supported protocols:
  5. Click Save & Close.