Sending Additional Information via Syslog

Many of your monitored devices can be set up to send additional information to TOS, such as:

  • Rule and object usage information that can be seen in SecureTrack, such as the rules that were invoked or 'hit'

  • Accountability information that can be seen in SecureTrack, such as the users who made policy changes and the computer used to make the change

  • Details of the applications that pass traffic through the device, which can be seen in SecureApp

  • Notifications to TOS that a security configuration change has occurred, so that TOS can fetch the updated policy (revision) from the device immediately, rather than waiting for the periodic polling

To get this additional information, you must configure your devices to send syslogs to SecureTrack.

Syslog traffic must be sent to port 514 at the IP address or host name of the SecureTrack server that monitors the device (Central Server, Distribution Server or Remote Collector Server).

Syslog proxy is supported for specific devices. Only rules that are marked for logging on the device are included in the syslogs.

For more information on syslog proxy support for supported devices, see the related topics in this section: