Section – Syslog Forwarding
Destination Host
Specifies the hostname (IPv4 only) or IP address of the remote log host that receives the Airlock Gateway messages specified in the Log Level section. This is useful for centralized log management and monitoring systems.
Destination Port
Specifies the destination port, i.e. 514 (default value) or 6514 for SSL. An alternative port can be specified.
Log Format
Specifies the format of the messages that are sent to the log host. Valid options to choose from are Raw (No processing, so some messages are plain text, others JSON), CEF (for SIEM systems), or JSON.
CEF format is only available for request summaries and blocked requests.
Transport
Specifies the type of transport used for remote logging. Valid options to choose from are UDP (classic syslog), TCP (syslog-ng and other newer syslogs) or SSL.
For details on using SSL with client certificates, see Syslog forwarding with SSL.
System Errors
Using syslog, system related events and system errors are sent to the configured loghosts.
Request Summaries
Using syslog, the summary line of each request handled by Airlock Gateway is sent to the loghosts specified above.
Blocked Requests
Using syslog, blocked request information is sent to the configured loghosts.
Events
Using syslog, events related to web requests are sent to the configured loghosts.
Specific Messages
Specifies a RegEx pattern to match against the text body of a message. Headers are not considered. All matching messages are sent to the configured loghosts—i.e., servers or services that receive logs via syslog.
The following characters must be escaped with a preceding backslash if they are to be included as normal characters: "()[].*?+^$|\.
Example
\"log_id\":\"WR-SG-(?:BACK-50[02]|REJECT-[0-9]+|SESS-004)\"
A weak filter matches many log messages, resulting in a high volume of messages being forwarded. This can negatively impact performance.
- Configure the filter to be as strict as possible.
- Messages with the checkbox enabled are logged, regardless of any RegEx pattern specified in Specific Messages.
- Messages that match the RegEx pattern are also logged—i.e., in addition to messages with the checkbox enabled.
- If the RegEx field is left empty, it does not match any messages and has no effect on logging.
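The following added example (not part of the product documentation) pre-tests a Specific Messages filter offline: it rebuilds the example pattern using the escaping rule above, applies the checkbox-or-RegEx rule from the notes, and compares how many messages a strict and a weak filter would forward. Assumptions: Python's re module stands in for the gateway's RegEx engine, the pattern is searched anywhere in the message body, and the sample messages, their category assignments and the WEAK pattern are constructed for illustration.

```python
import re

# Characters the page lists as needing a preceding backslash.
SPECIAL = '"()[].*?+^$|\\'

def escape_literal(text):
    """Backslash-escape every character from the page's list."""
    return "".join("\\" + c if c in SPECIAL else c for c in text)

def is_forwarded(body, category, enabled, pattern):
    """Forward if the category checkbox is enabled OR the RegEx matches."""
    if category in enabled:
        return True
    # An empty RegEx field matches nothing (assumed unanchored search otherwise).
    return bool(pattern) and re.search(pattern, body) is not None

# The page's example filter: escaped literals around the alternation.
STRICT = (escape_literal('"log_id":"WR-SG-')
          + r"(?:BACK-50[02]|REJECT-[0-9]+|SESS-004)"
          + escape_literal('"'))
WEAK = "WR-SG"  # hypothetical over-broad filter

# Constructed sample messages: (category, message body).
SAMPLES = [
    ("Events", '{"log_id":"WR-SG-BACK-500"}'),
    ("Events", '{"log_id":"WR-SG-BACK-501"}'),    # 50[02] excludes 501
    ("Events", '{"log_id":"WR-SG-REJECT-17"}'),
    ("Events", '{"log_id":"WR-SG-SESS-004"}'),
    ("Events", '{"log_id":"WR-SG-SESS-0040"}'),   # closing \" excludes 0040
    ("Request Summaries", '{"log_id":"WR-SG-CONSTRUCTED-1"}'),
    ("System Errors", "plain text mentioning WR-SG-BACK-500"),
]

def forwarded_count(pattern, enabled=frozenset()):
    """Number of sample messages that would be sent to the log host."""
    return sum(is_forwarded(b, c, enabled, pattern) for c, b in SAMPLES)

if __name__ == "__main__":
    print("pattern:", STRICT)
    print("strict :", forwarded_count(STRICT), "of", len(SAMPLES))
    print("weak   :", forwarded_count(WEAK), "of", len(SAMPLES))
    print("strict + Request Summaries checkbox:",
          forwarded_count(STRICT, {"Request Summaries"}))
    print("empty RegEx, no checkbox:", forwarded_count(""))
```

Replace SAMPLES with lines captured from your own log host to estimate the forwarding volume before saving the filter.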