Clavister NetWall
Samurai [Local] Collector | Samurai [Cloud] Collector |
---|---|
This guide describes the steps required to configure a Clavister NetWall firewall to send syslog events to a Samurai Local Collector deployed in your network.
Connectivity Requirements
Source | Destination | Ports | Description |
---|---|---|---|
Clavister NetWall | Samurai Local Collector | TCP/514 or UDP/514 | For log transmission |
Configure Clavister Netwall
Follow the vendor documentation to add a new syslog receiver:
Perform the steps under section Example 2.29. Enabling Syslog RFC-5424 Compliance with Hostname.
Adjust Syslog service to TCP
Optionaly, in the cOS Core web interface:
- Navigate to: Objects -> Serivces
- Click on Syslog
- Modify Type and set the protocol to TCP
For integrations that utilize a Local Collector where we ingest syslog only, you do not need to follow specific steps in the Samurai MDR portal as we auto detect the vendor and product. The only reason you need to use the Samurai MDR portal is if you need to determine the Local Collector IP address. Of course you will still need to ensure the integration is functioning! See Integrations for more information on checking status.
Our Integration guide was accurate at the time of writing but vendors change things frequently! If you find errors or anything is outdated, let us know by raising a request in the Samurai MDR application and we shall get it updated.