Documentation Center
AlienVault® USM Anywhere™

Enabling syslog Connections in an AWS VPC

A USM Anywhere Sensor deployed in AWS to a virtual private cloud (VPC) automatically listens for syslog packets on UDP port 514, but you must enable access to it. This allows the other hosts in your network to send data to the sensor. You enable this access by opening this port using the AWS Security groups that were created by the CloudFormationCloudFormation templates define specific AWS resources (for example, Amazon EC2 instances and IAM permissions) that enable AWS to automate the provisioning and configuration of the service ("stack"). template that you used to deploy the sensor.

The AWS Security Groups

There are three AWS Security Groups that help control network connectivity between the instances:

UDP Port 514

You can open UDP port 514 to receive syslog packet transmissions from the AWS console using any one of the following methods:

  • Assign the USMBaseSG Security Group to the selected VMs by navigating to Networking > Change Security Groups action. (You can also do this through the AWS CLI.)
  • Add the default Security Group from your VPC to the USMServicesSG. This allows all the VMs in that Security Group to send to port 514 UDP.
  • Put the AWS sensor in the default Security Group from your VPC. This gives all of the VMs in the local VPC full access to all ports on the sensor.