A remote SYSLOG server is another channel that you can use to report filter triggers. Remote Syslog sends filter alerts to a SYSLOG server on your network.
Note: Designating a remote system log server does not automatically send attack and shield notifications to that server. You must select the Remote System Log contact for action sets. After you apply these changes, active filters associated with the modified action set will send remote messages to the designated server.
- Log in to the SMS from a client.
- On the SMS toolbar, navigate to the Devices->All Devices and expand the tab.
- Select an N-Platform IPS device from the display window and do one of the following:
- Right-click and select Edit->Device Configuration.
- On the top menu select Edit->Details->Device Configuration.
- Double-click the device and click on Device Configuration.
- On the Device Configuration Wizard screen, click the Remote SYSLOG tab.
- The Device Configuration (Remote SYSLOG) screen displays.
- Click New for a new configuration or select an existing listing and click Edit to change an existing configuration.
- Specify an IP Address and Port for the remote server.
- Select an Alert Facility from the drop-down menu: none or select from a range of 0 to 31.
- Select a Block Facility from the drop-down menu: none or select from a range of 0 to 31.
- Select a Delimiter for the generated logs: Horizontal Tab, Comma, Semi-colon, or Pipe.
- Click OK to return to the Device Configuration screen.
- Click OK to update the device.
Reference: SMS User Guide
Reference: What are Syslog Facilities and Levels?