Generic Syslog Settings

Updated Dec 13, 2023

Configure a syslog server to send logs to Arctic Wolf

Note: This is a generic configuration. Only use this configuration if your product is not listed on Syslog Integrations.

You can configure your syslog server to send the necessary logs to Arctic Wolf® for security monitoring.

Arctic Wolf supports raw log ingestion for syslog integrations, but we do not currently provide security monitoring for all log types, for example, non-RFC logs.

Requirements

Steps

  1. Configure log forwarding.
  2. Provide your syslog information to Arctic Wolf.

Step 1: Configure log forwarding

  1. To enable Arctic Wolf monitoring on your syslog server, configure these settings:

    • IP address — Enter your Arctic Wolf sensor IP address.
    • Protocol — Select TCP or UDP.
    • Port — Enter 514.
    • Facility — Keep the default settings.
    • Syslog format — Keep the default settings.
    • Encrypted syslog — Select Port 6514.
  2. (Optional) Some syslog servers, for example Palo Alto, Fortinet, Zscaler, or Infoblox, require additional configuration steps.

    See Syslog Configurations for more information.

    Note: Contact your CST for assistance.
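
A pre-check you can run before Step 2, added here as an example and not Arctic Wolf code: it classifies log lines as RFC 5424, RFC 3164, or non-RFC, and can send an RFC 5424 test line to the sensor on port 514. It assumes "non-RFC" means neither of those two formats; the function names, the sample lines, and the 192.0.2.10 address are placeholders.

```python
import re
import socket
from datetime import datetime, timezone

# Loose structural checks (assumption: "RFC" means RFC 5424 or RFC 3164 framing).
# RFC 5424: <PRI>1 TIMESTAMP HOSTNAME APP-NAME PROCID MSGID STRUCTURED-DATA [MSG]
RFC5424 = re.compile(r"^<(\d{1,3})>1 (\S+) (\S+) (\S+) (\S+) (\S+) (-|\[.*\])(?: .*)?$")
# RFC 3164: <PRI>Mmm dd hh:mm:ss HOSTNAME MSG
RFC3164 = re.compile(r"^<(\d{1,3})>[A-Z][a-z]{2} [ \d]\d \d{2}:\d{2}:\d{2} \S+ .+$")

def classify(line):
    """Return 'rfc5424', 'rfc3164' or 'non-rfc' for one syslog line."""
    for name, rx in (("rfc5424", RFC5424), ("rfc3164", RFC3164)):
        m = rx.match(line)
        # PRI = facility * 8 + severity, so the largest valid value is 23*8+7 = 191
        if m and int(m.group(1)) <= 191:
            return name
    return "non-rfc"

def build_test_message(host, app="fwd-test", facility=1, severity=5, now=None):
    """Build an RFC 5424 test line (default PRI 13 = user.notice)."""
    now = now or datetime.now(timezone.utc)
    ts = now.strftime("%Y-%m-%dT%H:%M:%S.%f")[:-3] + "Z"
    return f"<{facility * 8 + severity}>1 {ts} {host} {app} - - - forwarding test"

def send(msg, sensor_ip, port=514, protocol="udp"):
    """Send one line to the sensor over UDP or TCP (plaintext, port 514)."""
    data = msg.encode("utf-8")
    if protocol == "udp":
        with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
            s.sendto(data, (sensor_ip, port))
    else:
        with socket.create_connection((sensor_ip, port), timeout=5) as s:
            s.sendall(data + b"\n")  # newline-delimited framing over TCP

# Constructed sample lines, not real device output.
SAMPLES = [
    '<165>1 2003-10-11T22:14:15.003Z fw01.example.com evntslog - ID47 [ex@32473 iut="3"] event',
    "<34>Oct 11 22:14:15 fw01 su: 'su root' failed for user1 on /dev/pts/8",
    "2024-01-05 10:00:00 fw01 action=deny src=10.0.0.5",  # no <PRI> header
    "<999>Jan  5 10:00:00 fw01 test",                     # PRI out of range
]

if __name__ == "__main__":
    for line in SAMPLES:
        print(f"{classify(line):8} {line}")
    # send(build_test_message("host01"), "192.0.2.10")  # placeholder sensor IP
```

Lines reported as non-rfc are the ones to raise in the Step 2 ticket, since they may be ingested without security monitoring.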

Step 2: Provide your syslog information to Arctic Wolf

  1. Sign in to the Arctic Wolf Unified Portal.

  2. Click the Tickets tab, and then do one of these actions:

    • New customers — In the Ticket Type list, select Onboarding. Then, click the existing [Deploy] Site Config: <ticket_subject> ticket.
    • Existing customers — Click Open a New Ticket.
  3. On the Open a New Ticket page, configure these settings:

    • What is this ticket related to? — Select General request.
    • Subject — Enter Syslog changes.
    • Related ticket (optional) — Keep empty.
    • Message — Enter this information for your Concierge Security® Team (CST):
      • Confirmation that you completed the steps in this configuration guide.
      • The IP address or hostname you used during the configuration.
      • Questions or comments that you have.
  4. Click Send Message.

    Your CST will review the details and make sure that Arctic Wolf is successfully processing the logs.