Samurai [Local] Collector | Samurai [Cloud] Collector |
---|---|
This guide describes the steps required to configure WatchGuard Firebox to send logs to a Samurai Local Collector deployed on your network. The Firebox requires access to the Local Collector via syslog on port 514/UDP.
1) From your WatchGuard Firebox:
Adding Syslog Servers
Follow the steps outlined in the following section of the WatchGuard documentation.
Use the following parameters when completing the steps:
Field Name | Parameter |
---|---|
IP Address | IP address of your Samurai MDR Local Collector |
Port | 514 |
Log Format | IBM LEEF |
Description | Whatever you want. |
The serial number of the device | Enabled |
The syslog header | Enabled |
Syslog facility | Required log message types: Traffic, Alarm Optional log message types: Event, Diagnostic, Performance |
Table 1: Adding Syslog Servers
For integrations that utilize a Local Collector where we ingest syslog only, you do not need to follow specific steps in the Samurai MDR portal as we auto detect the vendor and product. The only reason you need to use the Samurai MDR portal is if you need to determine the Local Collector IP address. Of course you will still need to ensure the integration is functioning! See Integrations for more information on checking status.
Our Integration guide was accurate at the time of writing but vendors change things frequently! If you find errors or anything is outdated, let us know by raising a request in the Samurai MDR application and we shall get it updated.