Host GS: Set Syslog Forwarding

Document created by RSA Information Design and Development on Mar 21, 2017
Version 1

You can configure Syslog forwarding to forward the operating system logs of your Security Analytics Hosts to a remote syslog server. You can use the Set Syslog Forwarding task in the Host Task List to enable or disable syslog forwarding.

Set Up and Start Syslog Forwarding

  1. In the Security Analytics menu, select Administration > Services.
  2. In the Services grid, select a service and click the Actions icon > View > System.

    The System view for the service is displayed.

  3. In the Services System view toolbar, click Host Tasks.
  4. In the Host Task List, select Set Syslog Forwarding.

    In the Info area, a brief explanation of the task and the task arguments is displayed.

  5. In the Arguments field, do any one of the following.

    • To enable syslog forwarding, specify any one of the following formats:

      • host=<loghost>.<localdomain> (for example, host=syslogserver.local).
      • host=<loghost>.<localdomain>:<port> (for example, host=syslogserver.local:514).
      • host=<IP> (for example, host=10.31.244.244).
      • host=<IP>:<port> (for example, host=10.31.244.244:514).

        The following table lists the parameters used to enable syslog forwarding and their descriptions.

        Parameter     Description
        loghost       The host name of the remote syslog server.
        localdomain   The domain of the remote syslog server.
        port          The port number on which the remote syslog server receives syslog messages.
        IP            The IP address of the remote syslog server.

    • To disable syslog forwarding, type host=disable.
  6. Click Run.

    The result is displayed in the Output area.

When you run the task, the /etc/rsyslog.conf file is updated automatically to enable or disable forwarding to the remote syslog destination, and the syslog service is restarted.

If you enable syslog forwarding, the logs from the configured service are forwarded to the defined syslog server and continue to be forwarded until forwarding is disabled.

Note: You can now log in to the remote syslog server and verify that messages are being received from the Security Analytics services configured for syslog forwarding.
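
As an added example (not part of the RSA documentation or product), the following shell functions validate a value for the Arguments field and check that an rsyslog.conf file forwards only to the expected destination. It assumes the forwarding rule uses rsyslog's legacy `@host[:port]` (UDP) or `@@host[:port]` (TCP) syntax, which this page does not show; the function names and the sample configuration are constructed for illustration.

```sh
#!/bin/sh
# Assumption: forwarding rules use rsyslog's legacy syntax, "<selector> @host[:port]"
# (UDP) or "<selector> @@host[:port]" (TCP). The page does not show the written line.

# Validate a task argument; prints "disable" or "<host> <port>" (default port 514).
parse_arg() {
    val=${1#host=}
    [ "$val" != "$1" ] || return 1                 # must start with host=
    if [ "$val" = disable ]; then echo disable; return 0; fi
    case $val in
        *:*) h=${val%%:*}; p=${val#*:} ;;
        *)   h=$val; p=514 ;;
    esac
    case $h in ''|*[!A-Za-z0-9.-]*) return 1 ;; esac   # hostname or IPv4 characters only
    case $p in ''|*[!0-9]*) return 1 ;; esac
    [ "$p" -ge 1 ] && [ "$p" -le 65535 ] || return 1
    echo "$h $p"
}

# Print every active (uncommented) forwarding rule as "<proto> <host> <port>".
list_forwards() {
    sed -n 's/^[^#]*[[:space:]]\(@\{1,2\}\)\([^[:space:]:@]\{1,\}\):\{0,1\}\([0-9]*\)[[:space:]]*$/\1 \2 \3/p' "$1" |
    while read -r at h p; do
        [ "$at" = "@@" ] && proto=tcp || proto=udp
        echo "$proto $h ${p:-514}"
    done
}

# Succeed only if the file forwards to the expected destination and nowhere else.
check_forwarding() {   # usage: check_forwarding host=<value> <conf-file>
    want=$(parse_arg "$1") || { echo "bad argument: $1"; return 2; }
    found=$(list_forwards "$2")
    if [ "$want" = disable ]; then
        [ -z "$found" ] && return 0
        echo "forwarding still configured: $found"; return 1
    fi
    [ -n "$found" ] || { echo "no forwarding rule found"; return 1; }
    bad=$(echo "$found" | while read -r proto h p; do
        [ "$h $p" = "$want" ] || echo "$proto $h:$p"
    done)
    [ -z "$bad" ] || { echo "unexpected destination: $bad"; return 1; }
}

# Constructed sample config, not taken from a real host.
sample=$(mktemp); trap 'rm -f "$sample"' EXIT
printf '%s\n' '*.info;mail.none /var/log/messages' \
    '#*.* @old-collector.local:514' '*.* @syslogserver.local:514' > "$sample"
check_forwarding host=syslogserver.local:514 "$sample" && echo "OK: destination matches"
check_forwarding host=disable "$sample" || echo "host=disable would fail this check"
```

Run `check_forwarding` against /etc/rsyslog.conf on the host after the task completes; a non-zero exit status means a rule is missing or points to a destination other than the one you specified.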
