
Forward log files to the ActZero VM

ActZero collects the information that your system’s software and tools log and analyzes it for signs of suspicious activity and malicious attacks.

Select the instructions that match your firewall to configure syslog forwarding on all of the firewalls in your network infrastructure. Setting up syslog forwarding is the third step in the overall ActZero onboarding process; refer to Get Started for an outline of the onboarding steps.

Firewalls typically forward traffic and IDS events via the syslog protocol on UDP. Depending on the vendor, firewall rules may need to be updated. Some firewalls allow the choice of sending such events at session start and at session end. Because the two event types largely duplicate each other, select session end when this option is available.

You will need to ensure that syslog traffic from the firewall can reach the ActZero VM. This may include routing and firewall rule changes as well as establishing tunnels between locations. We strongly recommend NOT sending the traffic over the public Internet, as syslog over UDP is a plaintext protocol.
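One way to confirm the path to the VM before enabling the firewall's own forwarding is to send a single test syslog datagram and watch for it on the receiving side. The script below is an added example, not ActZero's tooling: `ACTZERO_VM_HOST` is a constructed placeholder, and the loopback self-test only proves the sender/receiver pair works locally; run the receiver on the VM and the sender from the firewall's network to test the real route.

```python
import socket
import threading
from datetime import datetime, timezone
from typing import Optional

ACTZERO_VM_HOST = "192.0.2.10"   # placeholder (TEST-NET-1); replace with your VM's address
SYSLOG_UDP_PORT = 514            # default syslog/UDP port; adjust if the VM listens elsewhere


def build_syslog_message(hostname: str, appname: str, msg: str,
                         facility: int = 4, severity: int = 6) -> bytes:
    """Build an RFC 5424 syslog line. Defaults: facility 4 (auth), severity 6 (info)."""
    pri = facility * 8 + severity
    ts = datetime.now(timezone.utc).strftime("%Y-%m-%dT%H:%M:%SZ")
    return f"<{pri}>1 {ts} {hostname} {appname} - - - {msg}".encode()


def send_udp_syslog(payload: bytes, host: str, port: int) -> int:
    """Send one datagram and return the byte count. UDP gives no delivery confirmation,
    so the receiving side must be watched (this script's receive_one, or tcpdump on the VM)."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        return s.sendto(payload, (host, port))


def receive_one(sock: socket.socket, timeout: float = 5.0) -> Optional[bytes]:
    """Wait for a single datagram on an already-bound UDP socket; None on timeout."""
    sock.settimeout(timeout)
    try:
        data, _ = sock.recvfrom(65535)
        return data
    except socket.timeout:
        return None


def loopback_self_test() -> bool:
    """Exercise sender and receiver on 127.0.0.1 to validate the tooling itself."""
    rx = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    rx.bind(("127.0.0.1", 0))                 # ephemeral port, bound before sending
    port = rx.getsockname()[1]
    result = {}
    t = threading.Thread(target=lambda: result.update(data=receive_one(rx)))
    t.start()
    payload = build_syslog_message("fw-edge-1", "syslog-check", "onboarding test")
    send_udp_syslog(payload, "127.0.0.1", port)
    t.join()
    rx.close()
    return result.get("data") == payload


if __name__ == "__main__":
    print("loopback ok" if loopback_self_test() else "loopback FAILED")
```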
