Title
Create new category
Edit page index title
Edit category
Edit link
CEF Syslog Feedback
The broker component can be configured to send a CEF syslog summary string to any endpoint via TCP or UDP.
The CEF syslog feedback is generated and sent to the configured endpoint when the main transform task and all its subtasks are in a final processing state.
To modify the syslog feedback configuration:
Step #1 - Open /home/sandbox/sandbox/broker.cfg in a text editor
Step #2 - Add or modify the following properties (no need to overwrite default values):
Step #3 - Save the file and restart the sandbox service
Property details
Property Name | Default Value | Description |
|---|---|---|
cefSyslogEnabled | false | Main switch to enable / disable CEF syslog feedback |
cefSyslogHost | Host name or IP address of the log server | |
cefSyslogPort | 514 | Port of the log server |
cefSyslogProtocol | tcp | Connection protocol to use: tcp or udp |
cefSyslogTimeoutMs | 10 seconds | Connection timeout used for TCP sockets |
cefSyslogUseSSL | false | Switch to enable / disable SSL verification for TCP sockets |
Example CEF syslog string:
See the "Technical Datasheet" for a complete list of features: https://docs.opswat.com/filescan/datasheet/technical-datasheet