Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

Forcepoint V-Series Data Security Suite

 

Configuring Syslog for Forcepoint V-Series Data Security Suite

The Forcepoint V-Series Data Security Suite DSM accepts events using syslog. Before you can integrate JSA you, must enable the Forcepoint V-Series appliance to forward syslog events in the Data Security Suite (DSS) Management Console.

  1. Select Policies >Policy Components >Notification Templates.
  2. Select an existing Notification Template or create a new template.
  3. Click the General tab.
  4. Click Send Syslog Message.
  5. Select Options >Settings >Syslog to access the Syslog window.

    The syslog window enables administrators to define the IP address/host name and port number of the syslog in their organization. The defined syslog receives incident messages from the Forcepoint Data Security Suite DSS Manager.

  6. The syslog is composed of the following fields:
    • Max length for policy categories is 200 characters.

    • Max length for destinations is 200 characters.

    • Details and source are reduced to 30 characters.

  7. Click Test Connection to verify that your syslog is accessible.

You can now configure the log source in JSA. The configuration is complete. The log source is added to JSA as OSSEC events are automatically discovered. Events that are forwarded to JSA by OSSEC are displayed on the Log Activity tab of JSA.

Configuring a Log Source for Forcepoint V-Series Data Security Suite

JSA automatically discovers and creates a log source for syslog events from Forcepoint V-Series Data Security Suite.

The following configuration steps are optional.

  1. Log in to JSA.
  2. Click the Admin tab.
  3. On the navigation menu, click Data Sources.
  4. Click the Log Sources icon.
  5. Click Add.
  6. In the Log Source Name field, type a name for your log source.
  7. In the Log Source Description field, type a description for the log source.
  8. From the Log Source Type list, select Forcepoint V Series.
  9. Using the Protocol Configuration list, select Syslog.
  10. Configure the following values:

    Table 1: Syslog Parameters

    Parameter

    Description

    Log Source Identifier

    Type the IP address or host name for the log source as an identifier for events from your Forcepoint V-Series Data Security Suite DSM

  11. Click Save.
  12. On the Admin tab, click Deploy Changes.

    The configuration is complete.