Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

Forcepoint V-Series Data Security Suite

 

Configuring Syslog for Forcepoint V-Series Data Security Suite

The Forcepoint V-Series Data Security Suite DSM accepts events using syslog. Before you can integrate JSA you, must enable the Forcepoint V-Series appliance to forward syslog events in the Data Security Suite (DSS) Management Console.

  1. Select Policies >Policy Components >Notification Templates.
  2. Select an existing Notification Template or create a new template.
  3. Click the General tab.
  4. Click Send Syslog Message.
  5. Select Options >Settings >Syslog to access the Syslog window.

    The syslog window enables administrators to define the IP address/host name and port number of the syslog in their organization. The defined syslog receives incident messages from the Forcepoint Data Security Suite DSS Manager.

  6. The syslog is composed of the following fields:
    • Max length for policy categories is 200 characters.

    • Max length for destinations is 200 characters.

    • Details and source are reduced to 30 characters.

  7. Click Test Connection to verify that your syslog is accessible.

You can now configure the log source in JSA. The configuration is complete. The log source is added to JSA as OSSEC events are automatically discovered. Events that are forwarded to JSA by OSSEC are displayed on the Log Activity tab of JSA.

Syslog Log Source Parameters for Forcepoint V-Series Data Security Suite

If JSA does not automatically detect the log source, add a Forcepoint V-Series Data Security Suite log source on the JSA Console by using the syslog protocol.

When using the syslog protocol, there are specific parameters that you must use.

The following table describes the parameters that require specific values to collect syslog events from Forcepoint V-Series Data Security Suite:

Table 1: Syslog Log Source Parameters for the Forcepoint V-Series Data Security Suite DSM

Parameter

Value

Log Source Name

Type a name for your log source.

Log Source Description

Type a description for the log source.

Log Source type

Forcepoint V Series

Protocol Configuration

Syslog

Log Source Identifier

Type the IP address or host name for the log source as an identifier for events from your Forcepoint V-Series Data Security Suite DSM.