Configuring Individual TippingPoint TPS devices to Send Syslog to Splunk or Syslog Servers Directly
Summary:
This article explains how to configure each individual TippingPoint IPS/TPS device to send syslog data directly to Splunk or to syslog server(s), rather than routing all syslog data through the Security Management System (SMS) and forwarding it from there.
Background:
While it is best practice to use the SMS to send syslog data, some may prefer to have the data sent directly from the device.
Key Points and Configuration Steps:
- Sending syslog events directly from each device to Splunk or a syslog server is possible by configuring the following options per device:
  - Go to Devices -> All Devices -> <device_name>
  - Right-click the device in question, then click Edit, then Device Configuration
  - For event logs:
    - Click Remote Syslog in the pop-up window
    - Add a Remote Syslog destination with the appropriate facility designations. These are defined by the BSD Syslog Protocol; refer to RFC 3164 for more details.
    - After making your changes, click OK on the Device Configuration window.
  - In the Remote Syslog configuration, adding a syslog destination alone does not send any events. The Action Sets associated with the inspection filters whose events you want to forward must have Remote Syslog notifications enabled:
    - Profiles -> Shared Settings -> Action Sets
    - Add Remote Syslog as a notification option for new or existing action sets. We recommend creating a new action set for the events you need forwarded via syslog, and then overriding the relevant filters with that action set.
    - Override the filters for which you need syslog notification with that action set.
    - Distribute the profile changes to the managed devices.
  - For system, audit, quarantine, or SSL inspection logs:
    - Click Log Configuration in the Device Configuration pop-up window
    - Click New for the type of log to which you need to add a notification contact
    - Select Remote Syslog as the type and set the severity threshold for the events you wish to capture. The notification uses the contact defined in the Remote Syslog configuration. Click OK.
    - Click OK on the Device Configuration window.
- After configuration, verify that logs are being received directly from each device in Splunk or on the designated destination syslog server.
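As an added example for the verification step (not part of the original article and not TippingPoint product code), the following Python decodes the RFC 3164 PRI field of messages a collector has received, tallies them per source device, reports any expected device that sent nothing, and flags messages less severe than the configured threshold. The sample lines, addresses and expected-device list are constructed for illustration.

```python
import re
from collections import Counter, defaultdict

# RFC 3164 facility and severity codes: PRI = facility * 8 + severity
FACILITIES = ["kern", "user", "mail", "daemon", "auth", "syslog", "lpr", "news",
              "uucp", "cron", "authpriv", "ftp", "ntp", "audit", "alert", "clock",
              "local0", "local1", "local2", "local3", "local4", "local5", "local6", "local7"]
SEVERITIES = ["emerg", "alert", "crit", "err", "warning", "notice", "info", "debug"]

PRI_RE = re.compile(r"^<(\d{1,3})>")

def decode_pri(line):
    """Return (facility, severity) names from the leading <PRI> of an RFC 3164 message."""
    m = PRI_RE.match(line)
    if not m:
        raise ValueError("missing <PRI> header: %r" % line)
    pri = int(m.group(1))
    if pri > 191:  # 23 * 8 + 7 is the largest legal value
        raise ValueError("PRI out of range: %d" % pri)
    return FACILITIES[pri // 8], SEVERITIES[pri % 8]

def tally(messages, expected_devices, max_severity="info"):
    """messages: (source_address, raw_line) pairs as recorded by the collector.
    Returns per-device counts keyed by (facility, severity), the expected devices
    that sent nothing, and messages less severe than max_severity (which a device
    with that threshold configured should not be emitting)."""
    per_device = defaultdict(Counter)
    threshold = SEVERITIES.index(max_severity)
    below_threshold = []
    for src, line in messages:
        facility, severity = decode_pri(line)
        per_device[src][(facility, severity)] += 1
        if SEVERITIES.index(severity) > threshold:  # higher index = less severe
            below_threshold.append((src, line))
    silent = sorted(set(expected_devices) - set(per_device))
    return dict(per_device), silent, below_threshold

# Constructed sample input; hostnames, addresses and text are invented, not real device output.
SAMPLE = [
    ("10.0.0.11", "<134>Jan  5 10:00:01 tps-dc1 action set hit on filter 1234"),
    ("10.0.0.11", "<132>Jan  5 10:00:02 tps-dc1 quarantine entry added"),
    ("10.0.0.12", "<13>Jan  5 10:00:03 tps-dc2 audit: admin login"),
]
EXPECTED = ["10.0.0.11", "10.0.0.12", "10.0.0.13"]  # assumed list of configured devices

if __name__ == "__main__":
    devices, silent, noisy = tally(SAMPLE, EXPECTED, max_severity="notice")
    for dev, counts in sorted(devices.items()):
        print(dev, dict(counts))
    print("no messages received from:", silent)
    print("messages less severe than the configured threshold:", [s for s, _ in noisy])
```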