| Samurai [Local] Collector | Samurai [Cloud] Collector | Samurai [Cloud Native] Collector |
|---|---|---|
 |
This guide describes the steps required to configure Claroty xDome to send logs to a Samurai Local Collector deployed in your network.
Connectivity Requirements
You must ensure the following connectivity requirements are available:
| Source | Destination | Ports | Description |
|---|---|---|---|
| Claroty xDome Collection Server | Samurai Local Collector | TCP/514 (syslog) | For log transmission |
Table 1: Connectivity requirements
Configure Claroty Syslog
Follow the steps outlined in About Claroty Syslog (Claroty login is required) using the following parameters:
| Field Name | Parameter |
|---|---|
| Destination IP | IP address of your Samurai Local Collector |
| Transport Protocol | TCP |
| Destination Port | 514 |
| Message Format | JSON |
| Syslog Protocol Standard | RFC 5424 |
| Installation Server | Select your xDome collection server |
| Export Comm. Events | ON. Select All Event Types and All Devices |
| Export Alerts | ON. Select All Alert Types |
| Export Vulnerabilities | ON. Select All |
Table 2: Claroty Syslog Configuration
For integrations that utilize a Local Collector where we ingest syslog only, you do not need to follow specific steps in the Samurai MDR portal as we auto detect the vendor and product. The only reason you need to use the Samurai MDR portal is if you need to determine the Local Collector IP address. Of course you will still need to ensure the integration is functioning! See Integrations for more information on checking status.
Our Integration guide was accurate at the time of writing but vendors change things frequently! If you find errors or anything is outdated, let us know by raising a request in the Samurai MDR application and we shall get it updated.