Syslog Integration¶
This guide covers how to configure Syslog integration with the Traceable Platform for SIEM/SOAR connectivity.
Overview¶
Traceable Platform supports integration with Syslog servers to forward security events and notifications to your SIEM/SOAR systems.
Configuration Steps¶
To integrate the Syslog server with Traceable, navigate to Integrations → SIEM/SOAR. Click on the Syslog server card and fill in the following details:
- Integration name - Provide an integration name.
- Description (optional) - Provide a description for integration.
- Host and Port - Configure the server host address and the port number. These are mandatory fields.
-
Credentials (optional)
-
Account Token Details (optional) - The account token details are composed of Account ID and PEN (Private Enterprise Number).
- Server CA Certificate (optional) - You can configure the server CA certificate independently of account token details. This is the server CA certificate details of your Syslog server.
Syslog Connection Matrix¶
| Syslog Protocol | Platform IgnoreSSL | Platform Test Connection | Notification Received | Notes |
|---|---|---|---|---|
| UDP | — | Failed | Failed | UDP not supported |
| TCP | True | Successful | Successful | — |
| TCP | False | Failed | Failed | — |
| TLS | False | Successful | Successful | Need to provide Server CA Certificate |
| TLS | True | Successful | Failed | Test succeeds without certificate, but notification fails if certificate is not provided |
| TLS | — | Successful | Successful | Server CA Certificate required if CA is not public |
Troubleshooting¶
For debugging Syslog integration issues, see Syslog Debugging Guide.
Related Documentation¶
Support¶
For Syslog integration assistance, contact: support@harness.io