General Syslog Settings

Configuration Guide

Syslog monitoring

Arctic Wolf® supports syslog server monitoring to enhance your network security. When Arctic Wolf detects security incidents or suspicious actions while monitoring your syslog integrations, we alert you so that you can take corrective actions.

Syslog server settings

Most syslog servers require the same settings for Arctic Wolf to monitor them. Use these settings to enable Arctic Wolf monitoring on your syslog server:

Parameter          Setting
IP address         Arctic Wolf sensor IP address
Protocol           TCP or UDP
Port               514
Facility           Default settings
Syslog format      Default settings
Encrypted syslog   Port 6514
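
A way to check from the syslog server that the sensor is reachable on the plain syslog port with either protocol from the table. This is an added example, not Arctic Wolf code. The sensor address is a placeholder, the function names are hypothetical, and the RFC 5424 message layout with newline framing over TCP is an assumption, since the table only specifies default format settings.

```python
import socket
from datetime import datetime, timezone

SENSOR_IP = "192.0.2.10"  # placeholder (documentation range); use your sensor's IP
SYSLOG_PORT = 514         # plain syslog port from the settings table


def build_message(facility, severity, hostname, app, text, now=None):
    """Return one RFC 5424 syslog line as bytes. PRI = facility * 8 + severity."""
    if not (0 <= facility <= 23 and 0 <= severity <= 7):
        raise ValueError("facility must be 0-23 and severity 0-7")
    now = now or datetime.now(timezone.utc)
    stamp = now.strftime("%Y-%m-%dT%H:%M:%SZ")
    pri = facility * 8 + severity
    return f"<{pri}>1 {stamp} {hostname} {app} - - - {text}".encode("utf-8")


def send_test(host, port, protocol, payload, timeout=3.0):
    """Send one message over UDP or TCP and return the number of bytes written."""
    if protocol == "udp":
        # UDP is fire-and-forget: success here only means the datagram left this host.
        with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
            return sock.sendto(payload, (host, port))
    if protocol == "tcp":
        # A refused or timed-out connect raises OSError, which points to a blocked path.
        framed = payload + b"\n"  # newline-delimited framing for syslog over TCP
        with socket.create_connection((host, port), timeout=timeout) as sock:
            sock.sendall(framed)
        return len(framed)
    raise ValueError("protocol must be 'tcp' or 'udp'")


if __name__ == "__main__":
    # local0 (16) / notice (5): a constructed test event, not a real alert
    msg = build_message(16, 5, socket.gethostname(), "fwd-test", "syslog forwarding test")
    print(msg.decode())
    for proto in ("udp", "tcp"):
        try:
            print(proto, "sent", send_test(SENSOR_IP, SYSLOG_PORT, proto, msg), "bytes")
        except OSError as exc:
            print(proto, "failed:", exc)
```

A successful send shows only that the sensor is reachable on that port; confirmation that the logs are being processed still comes from your CST.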

Additional configuration

Some syslog servers require additional configuration steps. For steps to enable Arctic Wolf to monitor a specific syslog server, such as Palo Alto, Fortinet, ZScaler, or Infoblox, see Syslog Configurations.

If you have any questions or run into any configuration issues, contact your Concierge Security® Team (CST) for assistance.

Providing configuration details to Arctic Wolf

To provide the necessary configuration details to Arctic Wolf:

  1. Visit the Arctic Wolf Portal and select Contact your CST.
  2. Include the following information in the message for your CST:
    • Confirmation that you have completed the steps in this configuration guide.
    • The IP address or hostname of the syslog server.
    • Any other questions or comments that you have.
  3. Select Send.

Your CST reviews the details and confirms that Arctic Wolf is successfully processing the logs from your syslog server.