Generic Syslog Settings
Updated Sep 19, 2023
Syslog ingestion and monitoring
Arctic Wolf® can ingest and monitor syslogs to provide insight into your network and enhance your network security.
Note: Arctic Wolf supports TLS version 1.2 for encrypted syslog data sent to the Arctic Wolf Sensor. If your log source requires older cipher suites, contact your Concierge Security® Team (CST) to discuss an exception.
Arctic Wolf provides a certificate to use when configuring encryption for syslog forwarding. For more information, contact your CST.
Supported log formats
Arctic Wolf supports raw log ingestion for syslog integrations. However, we do not currently provide security monitoring for all log types, such as non-RFC logs.
Syslog server settings
Most syslog servers require the same settings for Arctic Wolf to monitor them. Use these settings to enable Arctic Wolf monitoring on your syslog server:
Parameter | Setting |
---|---|
IP address | Arctic Wolf sensor IP address |
Protocol | TCP or UDP |
Port | 514 |
Facility | Default settings |
Syslog format | Default settings |
Encrypted syslog | Port 6514 |
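To confirm that the encrypted path works before you contact your CST, the following Python script (an added example, not Arctic Wolf code) sends one test message to port 6514 over a connection restricted to TLS 1.2 and verified against the provided certificate. The sensor address, certificate path, application name, and the choice of RFC 5424 formatting with RFC 5425 octet-counting framing are assumptions; confirm the expected format with your CST.

```python
import socket
import ssl
from datetime import datetime, timezone

# Assumed placeholders, not values from the page:
SENSOR_IP = "192.0.2.10"       # documentation-range address; use your sensor IP
CA_FILE = "arcticwolf-ca.pem"  # hypothetical path to the certificate from your CST
TLS_PORT = 6514                # encrypted syslog port from the settings table


def rfc5424_message(hostname, app, text, facility=1, severity=6, now=None):
    """Build an RFC 5424 syslog line; PRI = facility * 8 + severity."""
    now = now or datetime.now(timezone.utc)
    ts = now.strftime("%Y-%m-%dT%H:%M:%S.%f")[:-3] + "Z"  # millisecond precision, UTC
    pri = facility * 8 + severity
    # PROCID, MSGID and STRUCTURED-DATA are left as the nil value "-".
    return f"<{pri}>1 {ts} {hostname} {app} - - - {text}".encode()


def frame(msg):
    """RFC 5425 octet-counting frame: '<length> <message>' (assumed framing)."""
    return str(len(msg)).encode() + b" " + msg


def tls12_context(ca_file=None):
    """Client context limited to TLS 1.2, with certificate checks left on."""
    ctx = ssl.create_default_context(ssl.Purpose.SERVER_AUTH)
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    ctx.maximum_version = ssl.TLSVersion.TLSv1_2
    if ca_file:
        ctx.load_verify_locations(cafile=ca_file)
    return ctx


def send_test_message(sensor_ip=SENSOR_IP, ca_file=CA_FILE, port=TLS_PORT,
                      server_name=None):
    """Send one framed test message; return the negotiated TLS version."""
    ctx = tls12_context(ca_file)
    msg = rfc5424_message(socket.gethostname(), "fwd-test", "syslog forwarding test")
    with socket.create_connection((sensor_ip, port), timeout=5) as raw:
        # server_name must match the sensor certificate (assumption: IP or DNS name).
        with ctx.wrap_socket(raw, server_hostname=server_name or sensor_ip) as tls:
            tls.sendall(frame(msg))
            return tls.version()


if __name__ == "__main__":
    print(send_test_message())
```

A handshake or verification error here points to a TLS version, cipher suite, or certificate mismatch on the forwarding path rather than a log format problem.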
Additional configuration
Some syslog servers require additional configuration steps. For steps to enable Arctic Wolf to monitor a specific syslog server, such as Palo Alto, Fortinet, ZScaler, or Infoblox, see Syslog Configurations.
If you have any questions or run into any configuration issues, contact your CST for assistance.
Provide configuration details to Arctic Wolf
- Contact your Concierge Security® Team to inform them that you have configured syslog forwarding, and to validate that the logs are being ingested appropriately. Include the following information:
  - Confirmation that you have completed the steps in this configuration guide.
  - The IP address you used during the configuration.
  - Any other questions or comments that you have.