How to Configure the Syslog Collector
Learn how to send and analyze syslog data from your applications, systems, or devices directly into DigitalStakeout XTI for centralized monitoring.
The Syslog Collector in DigitalStakeout XTI allows you to forward syslogs from external applications, servers, and network devices directly into the platform. This feature supports centralized logging, operational insight, and real-time security analysis.
Use Cases
- 🔐 Security Operations (SOC) — Ingest firewall, IDS/IPS, or endpoint logs for correlation
- 🧠 Threat Detection — Spot anomalies and indicators of compromise in real time
- 📋 Compliance Auditing — Retain logs for HIPAA, PCI-DSS, or ISO27001 audit readiness
- ⚙️ Infrastructure Monitoring — Track events from routers, switches, and system daemons
Setup Overview
To activate syslog collection:
- Configure a Syslog Collector inside XTI
- Point your device or application to the collector endpoint
- Monitor and analyze incoming logs in the XTI Console
Step-by-Step Configuration
1. Create a New Collector
- Navigate to Setup → Collectors
- Click Add Collector
- Select Syslog Collector
2. Define Settings
| Field | Description |
|---|---|
| Collector Name | Name your collector for easy filtering (e.g., `vpn_logs_1`) |
| Status | Set to Enabled to start accepting data |
| Expires On | (Optional) Set a date to auto-deactivate the collector |
After saving, XTI will generate the Syslog Endpoint Address you’ll use in your device or application config.
3. Configure the Sender (Device or App)
Set your device to forward syslogs to the XTI-provided endpoint. Typical sender settings:
- Protocol: UDP or TCP
- Port: Provided by XTI
- Syslog Format: RFC 3164 or RFC 5424 preferred
Example (Linux CLI):

```sh
# -n/-P point logger at the XTI endpoint; UDP is the default, add -T for TCP
logger -n YOUR_XTI_SYSLOG_HOST -P YOUR_PORT "Test log from server1"
```

Example (/etc/rsyslog.conf):

```
# forward every facility and priority; a single @ means UDP, use @@ for TCP
*.* @YOUR_XTI_SYSLOG_HOST:YOUR_PORT
```
Ensure your network allows outbound traffic to the collector endpoint.
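As an added example (not DigitalStakeout's or XTI's own code), a small Python sender that builds an RFC 5424 line with a correctly computed PRI, forwards it over UDP or TCP, and decodes the PRI of an incoming line back into facility and severity, which is how the Severity level shown in the Console is derived. The hostname, app name, sample messages and the newline-delimited TCP framing are assumptions; replace the placeholder host and port with the endpoint XTI generated for your collector.

```python
import datetime
import socket

# RFC 5424 section 6.2.1: PRI = facility * 8 + severity
FACILITY_LOCAL0 = 16
SEVERITY = {"emerg": 0, "alert": 1, "crit": 2, "err": 3,
            "warning": 4, "notice": 5, "info": 6, "debug": 7}
SEVERITY_NAME = {code: name for name, code in SEVERITY.items()}


def build_rfc5424(msg, hostname, app, severity="info",
                  facility=FACILITY_LOCAL0, ts=None, msgid="-"):
    """Build one RFC 5424 line: <PRI>1 TIMESTAMP HOSTNAME APP-NAME PROCID MSGID SD MSG."""
    pri = facility * 8 + SEVERITY[severity]
    if ts is None:
        ts = datetime.datetime.now(datetime.timezone.utc)
    # millisecond precision, UTC, as most collectors parse it unambiguously
    stamp = ts.strftime("%Y-%m-%dT%H:%M:%S.%f")[:-3] + "Z"
    return f"<{pri}>1 {stamp} {hostname} {app} - {msgid} - {msg}"


def parse_pri(line):
    """Return (facility, severity_name) from the leading <PRI> of an RFC 3164 or 5424 line."""
    if not line.startswith("<") or ">" not in line:
        raise ValueError("missing PRI field")
    pri = int(line[1:line.index(">")])
    if not 0 <= pri <= 191:  # 23 facilities * 8 severities
        raise ValueError(f"PRI {pri} out of range")
    return pri // 8, SEVERITY_NAME[pri % 8]


def send_syslog(line, host, port, proto="udp"):
    """Forward one line to the collector: UDP datagram, or TCP with newline framing (assumed)."""
    data = line.encode("utf-8")
    if proto == "udp":
        with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
            sock.sendto(data, (host, port))
    else:
        with socket.create_connection((host, port), timeout=5) as sock:
            sock.sendall(data + b"\n")


if __name__ == "__main__":
    # constructed test message; hostname/app are illustrative
    line = build_rfc5424("Test log from server1", "server1", "xti-test", severity="notice")
    print(line, parse_pri(line))
    # send_syslog(line, "YOUR_XTI_SYSLOG_HOST", YOUR_PORT)  # placeholders from the steps above
```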
Log Analysis in XTI
Each syslog event appears in the Console with:
- Timestamp
- Source IP or hostname
- Severity level
- Parsed message content
- Linked tags and alerts (if configured)
Use filters to pivot on IP, tags, severity, or custom fields.
Best Practices
- 🧩 Tag your collectors by system type, site, or risk category
- 🔐 Restrict sender IPs using firewall rules for secure delivery
- 🔄 Rotate collectors when decommissioning assets or systems
- 📊 Correlate with feeds using Keyword Feed or Presence Feed for enriched alerts
- ✅ Test setup with test log lines or controlled event triggers before go-live
Compliance & Responsibility
You are responsible for ensuring that logs sent to DigitalStakeout do not violate any internal or external privacy or regulatory requirements.
- Do not forward unauthorized or personal data unless legally approved
- Maintain access controls on log-producing systems
- Validate retention policies to ensure compliance with organizational requirements
Example Scenarios
- Forward UTM logs from Fortinet or Palo Alto to detect blocked IP attempts
- Aggregate syslogs from Linux servers into XTI for centralized visibility
- Pipe web server logs for keyword alerting and external abuse patterns
- Monitor VPN connections or auth events for anomaly detection
Want to explore integration with third-party SIEMs or cloud firewalls?
(Contact your DigitalStakeout administrator or support for Syslog integration best practices.)