1. Go to Detections > Notifications > Notification Method Settings. The Notification Method Settings screen will appear.
2. In the SNMP Trap Settings section, specify the following:
   • Community name: Type the SNMP community name.
   • Server IP address: Type the IP4 vor IPv6 address of the SNMP server.

   

3. Click Save.

Modify Syslog Settings

1. Go to Detections > Notifications > Notification Method Settings. The Notification Method Settings screen will appear.
2. In the Syslog Settings section, specify the following:
   • Server IP address: Type the IPv6 or IPv4 address of the syslog server
   • Port: The port number of the syslog server
   • Facility: Select the facility code
3. Click Save.

Log Forwarder can send several log types from the Apex Central database to a syslog server in either Common Event Format (CEF) or Apex Central format.

Enable Syslog Forwarding

1. Log in to Apex Central console using an Administrator account.
2. Go to Administration > Settings > Syslog Settings. The Syslog Settings screen appears.
3. Select the Enable syslog forwarding check box.
4. Configure the following settings for the server that receives the forwarded syslogs:
   • Server address: FQDN or IP address of the receiving Syslog or SIEM server.
   • Port: Syslog server port number. For UDP, the IANA standard port number is 514. For TLS, it's usually port 6514.
   • Protocol: Select TCP, UDP, or SSL/TLS as the method of communication with the syslog server

   

    

   If SSL/TLS is selected, by default Apex Central accepts receiver's SSL certificate without validation.

   • For best security practice, upload CA certificate that issued receiver’s SSL certificate to enable SSL certificate validation.
   • If the receiver SSL certificate is a self-sign certificate, it must contains Subject and Subject Alternative Name, the CN Name and DNS Name must contain the Receiver host FQDN or IP address.
   • Apex Central only supports CA certificates in X.509 format with .DER or .PEM encoding
5. (Optional) To use a proxy server for syslog forwarding, select the Use a SOCKS proxy server check box. Apex Central uses the proxy server configured on the Proxy Settings screen (Administration > Settings > Proxy Settings) for syslog forwarding.
    

   • Apex Central only supports syslog forwarding over a SOCKS protocol proxy server for SSL/TLS or TCP transmissions.
   • Syslog forwarding does not support HTTP proxy servers. To use a proxy server for syslog forwarding, click Configure proxy settings and select a SOCKS protocol server on the Proxy Settings screen.
6. Select the log Format:
   • CEF: Uses the standard Common Event Format (CEF) for log messages
   • Apex Central format: Sets the syslog Facility code to "Local0" and the Severity code to "Notice"

   For more information, see Supported Log Types and Formats.

7. Select the log type(s) to forward:
   1. Select a log category from the Log type dropdown list:
      • Security logs
      • Product information
   2. Select the check box(es) for the log(s) you want to forward. Apex Central displays the total number of selected log types next to the Log type dropdown list.
   3. (Optional) Select another log category from Log type dropdown list to select additional logs types to forward.
8. Click Test Connection to test the server connection. The syslog server connection status will appear at the top of the screen.
9. Click Save.