How to route maillogs to a SIEM or other RSYSLOG server

Version 4

    With the 7.1.2 release, maillogs can now be sent to an RSYSLOG server of your choice. To route maillogs to a SIEM or other RSYSLOG server, use the commands below. To route alerts from detection events, see the "Configuring RSYSLOG Notifications" instructions for either the WebUI or the CLI in the relevant appliance User Guide.

    logging <rsyslog_server_address> trap none

    logging <rsyslog_server_address> trap override class mail priority info

    write memory

    Note:

    • The EX 7.6.0 release adds the ability to specify the protocol (UDP or TCP), the port, and whether to use a TLS-encrypted tunnel.