Section – Syslog Forwarding

Specifies the hostname (IPv4 only) or IP address of the remote log host, which will receive the Airlock Gateway messages specified in Log Level section. This is useful for centralized log management and monitoring system.

Specifies the destination port, i.e. 514 (default value) or 6514 for SSL. An alternative port can be specified.

Specifies the format of the messages that are sent to the log host. Valid options to choose from are Raw (No processing, so some messages are plain text, others JSON), CEF (for SIEM systems), or JSON.

CEF format is only available for request summaries and blocked requests.

Specifies the type of transport used for remote logging. Valid options to choose from are UDP (classic syslog), TCP (syslog-ng and other newer syslogs) or SSL.

For details on using SSL with client certificates, see Syslog forwarding with SSL.

Using syslog, system related events and system errors are sent to the configured loghosts.

Using syslog, the summary line of each request handled by Airlock Gateway is sent to the loghosts specified above.

Using syslog, blocked request information is sent to the configured loghosts.

Using syslog, events related to web requests are sent to the configured loghosts.

Specifies a RegEx pattern to match against the text body of a message. Headers are not considered. All matching messages are sent to the configured loghosts—i.e., servers or services that receive logs via syslog.

The following characters must be escaped with a preceding backslash if they are to be included as normal characters:
“()[].*?+^$|\.

Example

\"log_id\":\"WR-SG-(?:BACK-50[02]|REJECT-[0-9]+|SESS-004)\"