Syslog Configuration for Forcepoint NGFW

Configuration Guide

Overview

This document describes how to configure your Forcepoint Next-Generation Firewall (NGFW) to send the necessary logs to Arctic Wolf for security monitoring.

Configuring your Forcepoint NGFW for security monitoring

You must use an account with access to the Forcepoint Stonesoft Management Center (SMC) and Forcepoint NGFW Engines to perform this configuration.

To configure your Forcepoint NGFW for security monitoring:

  1. Sign in to your Forcepoint SMC and then select Home.
  2. Select Others > Log Server.
  3. Right-click on the log server that you want to forward logs from and select Properties.
  4. Select the Log Forwarding tab, and then click Add to create a new rule.
  5. Double-click the Target Host field and then select the Arctic Wolf Sensor that will receive the forwarded logs.
  6. Click Add to add a new rule.
  7. Configure these log forwarding values:
    1. Target Host — Select the Arctic Wolf Sensor.

    2. Format — Select CEF to forward log data in the common event format.

    3. Remaining required fields — Set values according to your preferences.

      Tip: See the Forcepoint NGFW log forwarding documentation for more information about log forwarding rule options.

  8. Click OK to save the rule.
  9. Proceed to Providing configuration details to Arctic Wolf so that Arctic Wolf can monitor your Forcepoint NGFW device.
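
One way to sanity-check that a forwarded line matches the CEF layout selected in step 7 is to parse its header and extension. This is an added example, not part of the Arctic Wolf or Forcepoint documentation; the sample lines, including the vendor, product, and field values, are constructed for illustration.

```python
import re

# Header field names from the CEF layout: CEF:Version|Vendor|Product|...|Severity|Extension
HEADER_FIELDS = ("version", "vendor", "product", "device_version",
                 "signature_id", "name", "severity")
# key=value pairs; a value runs until the next " key=" or the end of the line.
_EXT_PAIR = re.compile(r"(\w+)=((?:\\.|[^=\\])*?)(?=\s+\w+=|\s*$)")

def _unescape(value):
    """Undo backslash escapes in an extension value (escaped '=', backslash, n, r)."""
    return re.sub(r"\\(.)", lambda m: {"n": "\n", "r": "\r"}.get(m.group(1), m.group(1)), value)

def _split_header(body, count):
    """Split on the first `count` unescaped pipes; return the fields and the remainder."""
    fields, cur, i = [], [], 0
    while i < len(body) and len(fields) < count:
        ch = body[i]
        if ch == "\\" and i + 1 < len(body):
            cur.append(body[i + 1])      # escaped pipe or backslash inside a header field
            i += 2
            continue
        if ch == "|":
            fields.append("".join(cur))
            cur = []
        else:
            cur.append(ch)
        i += 1
    return fields, body[i:]

def parse_cef(line):
    """Return a dict for a CEF record, or None if the line is not well-formed CEF."""
    start = line.find("CEF:")            # skip any syslog prefix in front of the record
    if start < 0:
        return None
    fields, ext = _split_header(line[start + 4:], len(HEADER_FIELDS))
    if len(fields) != len(HEADER_FIELDS) or not fields[0].isdigit():
        return None
    record = dict(zip(HEADER_FIELDS, fields))
    record["extension"] = {k: _unescape(v) for k, v in _EXT_PAIR.findall(ext)}
    return record

# Constructed sample lines (not captured from a real device).
SAMPLE_CEF = (r"<134>Jan 12 10:15:02 fw01 CEF:0|ExampleVendor|Firewall|1.0|70018|"
              r"Policy\|Upload|1|src=10.0.0.5 dst=192.0.2.10 msg=rule a\=b matched act=Allow")
SAMPLE_NOT_CEF = "<134>Jan 12 10:15:03 fw01 70018,Connection_Allowed,10.0.0.5,192.0.2.10"

if __name__ == "__main__":
    for line in (SAMPLE_CEF, SAMPLE_NOT_CEF):
        print(parse_cef(line) or "NOT CEF: check the Format field of the forwarding rule")
```
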

Providing configuration details to Arctic Wolf

To provide the necessary configuration details to Arctic Wolf:

  1. Visit the Arctic Wolf Portal and select Contact your CST.
  2. Include the following information in the message for your Concierge Security® Team (CST):
    • Confirmation that you have completed the steps in this configuration guide.
    • The IP address and/or hostname of the Forcepoint NGFW.
    • Any other questions or comments that you have.
  3. Select Send. Your CST will review the details and confirm that we are successfully processing the logs from your Forcepoint NGFW device.