AlienVault® USM Anywhere™

Linux Log Collection with syslog

Syslog is required to send log data from Linux systems to the USM Anywhere Sensor IP address over UDP on port 514, over TCP on port 601, or as TLS-encrypted data over TCP on port 6514. If you want to gain more visibility and use file integrity monitoring (FIM) on your Linux systems, USM Anywhere also supports osquery by default.

Using syslog to Send Logs from a Linux System

Syslog is an industry standard message logging system that is used on many devices and platforms. It provides a mechanism for network devices to send event messages to a logging server, also known as a syslog server. For example, a router might send messages about users logging on to console sessions, while a web server might log access-denied events.
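
To check that a sensor accepts messages on each of the three transports named at the top of this page, the following added Python example (not part of the AlienVault documentation) builds an RFC 5424 message and frames it for UDP, TCP, and TLS. The framing chosen per transport follows the syslog RFCs and is an assumption, as are the function names and sample values; the sensor IP and CA file are supplied by the caller.

```python
import socket
import ssl
from datetime import datetime, timezone

# Ports as stated on this page. The framing per transport is an assumption
# taken from the syslog RFCs (5426 UDP, 6587 TCP, 5425 TLS).
PORTS = {"udp": 514, "tcp": 601, "tls": 6514}


def build_message(facility, severity, host, app, text, when=None):
    """Return an RFC 5424 syslog message as bytes."""
    if not (0 <= facility <= 23 and 0 <= severity <= 7):
        raise ValueError("facility must be 0-23 and severity 0-7")
    when = when or datetime.now(timezone.utc)
    stamp = when.astimezone(timezone.utc).strftime("%Y-%m-%dT%H:%M:%S.%f")[:-3] + "Z"
    pri = facility * 8 + severity
    # NILVALUE "-" stands in for PROCID, MSGID and STRUCTURED-DATA
    return f"<{pri}>1 {stamp} {host} {app} - - - {text}".encode("utf-8")


def frame(message, transport):
    """Apply the on-the-wire framing for the chosen transport."""
    if transport == "udp":
        return message                      # one message per datagram
    if transport == "tcp":
        if b"\n" in message:
            # an embedded LF would be read as a second, attacker-shaped record
            raise ValueError("LF inside message breaks newline framing")
        return message + b"\n"              # non-transparent (LF) framing
    if transport == "tls":
        return str(len(message)).encode() + b" " + message   # octet counting
    raise ValueError(f"unknown transport: {transport}")


def send(sensor_ip, transport, message, ca_file=None, timeout=5):
    """Send one framed message to the sensor; returns bytes handed to the socket."""
    data, port = frame(message, transport), PORTS[transport]
    if transport == "udp":
        with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
            s.sendto(data, (sensor_ip, port))
        return len(data)
    with socket.create_connection((sensor_ip, port), timeout=timeout) as raw:
        if transport == "tls":
            ctx = ssl.create_default_context(cafile=ca_file)  # verifies the sensor cert
            with ctx.wrap_socket(raw, server_hostname=sensor_ip) as tls:
                tls.sendall(data)
        else:
            raw.sendall(data)
    return len(data)
```

If the TLS handshake fails certificate verification, correct the trust chain passed as `ca_file` rather than disabling verification.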

Follow the procedure that corresponds to the Linux distribution you use.