Syslog via Data Collector Transport Method Overview
Summary
Syslog is a widely adopted protocol used by applications and computer systems to transmit security-related event data and telemetry. It provides a standardized framework for logging system messages, so that security information can be aggregated, analysed and monitored efficiently across diverse platforms.
The XDR Collector is designed to be deployed into the customer environment, where it collects syslog-based security telemetry from data sources.
Because it integrates with any syslog-producing data source, the platform is compatible with a broad range of applications and systems that generate security-related data. This allows comprehensive monitoring and analysis of security telemetry across diverse IT environments.
Reference Architecture
Example Scenario
An application deployed in the customer environment produces syslog for its security-related logging. An XDR Collector is deployed so that it is reachable on the local network, and the application is configured to use the collector as the destination for its syslog output.
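The scenario above in working code, as an added example that is not part of this page or the product's own code: a syslog-producing application formats an RFC 5424 message, and a plain UDP socket stands in for the collector, receiving the message and decoding the PRI, header and structured data. The hostname, application name, SD-ID, user and source address are constructed values; a real collector listens on udp/514 or tcp/514 (or TLS) rather than an ephemeral loopback port.

```python
import re
import socket

# Added example, not part of the original page: an application formats an RFC 5424
# syslog message and a stand-in for the XDR Collector receives it over UDP and
# decodes the PRI, header and structured data a collector needs for routing.
SEVERITIES = ["emerg", "alert", "crit", "err", "warning", "notice", "info", "debug"]
HEADER = re.compile(
    r"^<(?P<pri>\d{1,3})>1 (?P<ts>\S+) (?P<host>\S+) (?P<app>\S+) (?P<procid>\S+) "
    r"(?P<msgid>\S+) (?P<sd>-|(?:\[[^\]]*\])+)(?: (?P<msg>.*))?$"
)
SD_ELEMENT = re.compile(r"\[(\S+?)((?: \w+=\"[^\"]*\")*)\]")
SD_PARAM = re.compile(r'(\w+)="([^"]*)"')

def build_rfc5424(facility, severity, host, app, msgid, sd, msg, ts):
    """Format one RFC 5424 line; PRI is facility*8 + severity (RFC 5424 section 6.2.1)."""
    if not (0 <= facility <= 23 and 0 <= severity <= 7):
        raise ValueError("facility must be 0-23 and severity 0-7")
    sd_text = "".join(
        "[%s %s]" % (sd_id, " ".join('%s="%s"' % kv for kv in params.items()))
        for sd_id, params in sd.items()
    ) or "-"
    return "<%d>1 %s %s %s - %s %s %s" % (facility * 8 + severity, ts, host, app, msgid, sd_text, msg)

def parse_rfc5424(line):
    """Split the header fields out and decode structured data into a dict per SD-ID."""
    m = HEADER.match(line)
    if not m:
        raise ValueError("not an RFC 5424 message: %r" % line)
    pri = int(m["pri"])
    sd = {sd_id: dict(SD_PARAM.findall(body)) for sd_id, body in SD_ELEMENT.findall(m["sd"])}
    return {"facility": pri >> 3, "severity": SEVERITIES[pri & 7], "timestamp": m["ts"],
            "host": m["host"], "app": m["app"], "msgid": m["msgid"], "sd": sd, "msg": m["msg"] or ""}

def relay_udp(line):
    """Deliver one message over loopback UDP to a socket standing in for the collector."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as collector, \
         socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sender:
        collector.bind(("127.0.0.1", 0))  # ephemeral port stands in for udp/514
        sender.sendto(line.encode(), collector.getsockname())
        data, _ = collector.recvfrom(65535)
    return parse_rfc5424(data.decode())

# Constructed sample: a failed login from a hypothetical "webapp" (host, user and IP made up;
# 32473 is the IANA enterprise number reserved for documentation).
SAMPLE = build_rfc5424(4, 4, "app01.example.internal", "webapp", "LOGIN_FAIL",
                       {"auth@32473": {"user": "alice", "src": "198.51.100.7"}},
                       "authentication failed", "2024-05-01T12:00:00.000Z")
```

Calling `relay_udp(SAMPLE)` returns the decoded event with facility 4 (auth) and severity "warning", which is the point at which a collector would normalise the record and forward it.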