Syslog Source (NG-SIEM)

Example

```yaml
sources:
  syslog_udp_1514:
    type: syslog
    mode: udp
    port: 1514
    sink: next-gen-siem

  syslog_tcp_1514:
    type: syslog
    mode: tcp
    port: 1514
    sink: next-gen-siem
sinks:
  next-gen-siem:
    type: hec
    token: XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
    url: https://XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX.ingest.YY-Y.crowdstrike.com
    proxy: none
    workers: 4
    maxEventSize: 910000
    maxBatchSize: 12000000
```
Introduction

This configuration sets up syslog collection for NG-SIEM over both UDP and TCP on port 1514. It defines two sources, one receiving syslog messages over UDP and one over TCP, so that log-generating systems that support only one of the two transports can still be onboarded. Both sources deliver to a single HEC sink.

Step-by-Step
  1. The two syslog sources:

     ```yaml
     sources:
       syslog_udp_1514:
         type: syslog
         mode: udp
         port: 1514
         sink: next-gen-siem

       syslog_tcp_1514:
         type: syslog
         mode: tcp
         port: 1514
         sink: next-gen-siem
     ```

     This fragment defines two syslog sources, syslog_udp_1514 and syslog_tcp_1514, listening on the same port number with different transports. UDP and TCP port spaces are independent, so binding both to 1514 is not a conflict. Port 1514 is above 1024 and can be bound without elevated privileges. Prefer the TCP source where the sender supports it: UDP gives no delivery confirmation, so messages dropped under load are lost silently.

  2. The HEC sink:

     ```yaml
     sinks:
       next-gen-siem:
         type: hec
         token: XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
         url: https://XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX.ingest.YY-Y.crowdstrike.com
         proxy: none
         workers: 4
         maxEventSize: 910000
         maxBatchSize: 12000000
     ```

     This fragment defines an HTTP Event Collector (HEC) sink that forwards the collected events to CrowdStrike NG-SIEM. `token` and `url` are placeholders: replace them with the token and ingest URL NG-SIEM issues for this connector, and keep the `https://` scheme. The token is a credential, so restrict read access to the configuration file and keep it out of version control. `sinks:` must sit at the same indentation level as `sources:`, otherwise the file is not valid YAML and the collector will not load it. `workers`, `maxEventSize` and `maxBatchSize` tune upload concurrency and the event and batch size limits.

  3. Event result set (figure).
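As an added example, not CrowdStrike's code or part of the original page, the following script lints a config of the shape above before it is deployed. It parses the `key:` / `key: value` mapping subset the config uses with a small strict indentation parser (no PyYAML dependency), then checks the mistakes that most often break a rollout: a source pointing at a sink that is not defined, two sources bound to the same transport and port, a non-HTTPS ingest URL, and a token still set to the documentation placeholder. The key names (`type`, `mode`, `port`, `sink`, `token`, `url`) come from the page; the finding texts, the `PLACEHOLDER_CHARS` rule and the `example_config` helper (the page's example with placeholders, normalized to two-space indentation, parameterised so that corrected and deliberately broken variants can be produced) are this script's own.

```python
"""Pre-deployment lint for the syslog -> HEC collector config on this page.
Added example, not CrowdStrike's code: a strict indentation parser for the
`key:` / `key: value` mapping subset the config uses (no PyYAML needed)
plus checks for the mistakes that most often break a rollout."""

PLACEHOLDER_CHARS = set("XxYy")  # characters the docs use to redact values


def parse_simple_yaml(text):
    """Parse nested mappings keyed by indentation; scalars stay strings.
    As in YAML, siblings must share one indent: a key that lines up with
    neither its siblings nor an enclosing mapping raises ValueError."""
    root = {}
    stack = [[-1, root, None]]  # [key indent, mapping, indent of its children]
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.split(" #", 1)[0].rstrip()
        if not line.strip() or line.lstrip().startswith("#"):
            continue
        indent = len(line) - len(line.lstrip(" "))
        key, sep, value = line.strip().partition(":")
        if not sep or not key:
            raise ValueError(f"line {lineno}: expected 'key: value'")
        while indent <= stack[-1][0]:  # leave mappings that have ended
            stack.pop()
        frame = stack[-1]
        if frame[2] is None:
            frame[2] = indent
        elif indent != frame[2]:
            raise ValueError(f"line {lineno}: inconsistent indentation")
        if value.strip():
            frame[1][key] = value.strip()
        else:
            child = {}
            frame[1][key] = child
            stack.append([indent, child, None])
    return root


def check_config(cfg):
    """Return (severity, message) findings; an empty list means clean."""
    out, bound = [], {}  # bound: (mode, port) -> source; udp and tcp may share a port
    sources, sinks = cfg.get("sources", {}), cfg.get("sinks", {})
    if not sinks:
        out.append(("error", "no sinks defined"))
    for name, src in sources.items():
        mode, port = src.get("mode"), str(src.get("port", ""))
        if mode not in ("udp", "tcp"):
            out.append(("error", f"source {name}: mode must be udp or tcp"))
        if not port.isdigit() or not 1 <= int(port) <= 65535:
            out.append(("error", f"source {name}: invalid port {port!r}"))
        elif int(port) < 1024:
            out.append(("warn", f"source {name}: port {port} needs privileges to bind"))
        if (mode, port) in bound:
            out.append(("error", f"source {name}: {mode}/{port} already bound by {bound[mode, port]}"))
        bound.setdefault((mode, port), name)
        if src.get("sink") not in sinks:
            out.append(("error", f"source {name}: sink {src.get('sink')!r} not defined"))
    for name, sink in sinks.items():
        if not sink.get("url", "").startswith("https://"):
            out.append(("error", f"sink {name}: url must use https://"))
        if not sink.get("token") or set(sink["token"]) <= PLACEHOLDER_CHARS:
            out.append(("error", f"sink {name}: token is empty or still the placeholder"))
    return out


def lint(text):
    """Parse and check; a parse failure is reported as a finding."""
    try:
        return check_config(parse_simple_yaml(text))
    except ValueError as exc:
        return [("error", f"parse error: {exc}")]


def example_config(token="X" * 32, scheme="https", sinks_indent=""):
    # The page's example (placeholders included) at two-space indentation.
    # The parameters are for exercising corrected and broken variants.
    return f"""\
sources:
  syslog_udp_1514:
    type: syslog
    mode: udp
    port: 1514
    sink: next-gen-siem
  syslog_tcp_1514:
    type: syslog
    mode: tcp
    port: 1514
    sink: next-gen-siem
{sinks_indent}sinks:
  next-gen-siem:
    type: hec
    token: {token}
    url: {scheme}://XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX.ingest.YY-Y.crowdstrike.com
    proxy: none
    workers: 4
    maxEventSize: 910000
    maxBatchSize: 12000000
"""


if __name__ == "__main__":
    for severity, message in lint(example_config()) or [("ok", "no findings")]:
        print(f"{severity}: {message}")
```

Run as-is it reports only the placeholder token. Indenting `sinks:` by three spaces (more than the sources' two, as in a hand-edited file) is rejected as inconsistent indentation, which is what a YAML parser does; indenting it by exactly two spaces is valid YAML but nests `sinks` under `sources`, and the lint then reports that no sinks are defined and that both sources reference an undefined sink. Point `lint()` at the real file before restarting the collector.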

Summary and Results

This example demonstrates how to configure the collector to receive syslog over both UDP and TCP on port 1514 and forward the events to NG-SIEM. Both sources feed a common HEC sink, so the two transports share one set of credentials and upload settings and arrive in NG-SIEM for centralized processing and analysis.