Search

GlobalSCAPE Knowledge Base

Can I add the SysLogAppender to EFT's logging.cfg file to send logging to a SIEM server?

Last Month
Karla Marsh
EFT

THE INFORMATION IN THIS ARTICLE APPLIES TO:

  • EFT, all versions

QUESTION

Can I add the SysLogAppender to EFT's logging.cfg file to send logging to a SIEM server?

ANSWER

Yes, you can add the SysLogAppender to EFT's logging.cfg file, found in ..\ProgramData\Globalscape\EFT Server.

Add the following code to the bottom of the logging.cfg file. (Add comments to inform future users of its purpose.)

log4cplus.rootLogger=TRACE, syslog
log4cplus.appender.syslog=log4cplus::SysLogAppender
log4cplus.appender.syslog.ident=syslog
log4cplus.appender.syslog.layout=log4cplus::PatternLayout log4cplus.appender.syslog.layout.ConversionPattern=[%T] %-5p %b %x - %m%n
log4cplus.appender.syslog.host=pdc
log4cplus.appender.syslog.udp=true
log4cplus.appender.syslog.port=514
log4cplus.appender.syslog.facility=user

​SIEM = Security information and event management, pronounced "SIM."

 For more information about logging.cfg, refer to the help for your version of EFT under "Log Format, Type, and Location."
Share Article

On a scale of 1-5, please rate the helpfulness of this article



Not Helpful
Very Helpful
Optionally provide additional feedback to help us improve this article...

Thank you for your feedback!


Comments require login or registration.

Details
Last Modified: Last Month
Last Modified By: kmarsh
Type: HOWTO
Article not rated yet.
Article has been viewed 636 times.
Options
Print Article
Export As PDF
Also In This Category
Customer Support Software By InstantKB 2020 Final
Execution: 0.000. 10 queries. Compression Disabled.