Section – Syslog Forwarding

Destination Host

Specifies the hostname (IPv4 only) or IP address of the remote log host, i.e., a server or service that receives logs via syslog. The log host will receive the Airlock Gateway messages specified in the Log Level section. This is useful for centralized log management and monitoring systems.

Destination Port

Specifies the destination port, e.g. 514 (default value) or 6514 for SSL. An alternative port can be specified.

Log Format

Specifies the format of the messages that are forwarded to the configured log host. Valid options are Raw (no processing, so some messages are plain text, others JSON), CEF (for SIEM systems), or JSON.

CEF format is only available for request summaries and blocked requests.

Transport

Specifies the type of transport used for remote logging. Valid options to choose from are UDP (classic syslog), TCP (syslog-ng and other newer syslogs) or SSL.

For details on using SSL with client certificates, see Syslog forwarding with SSL.

System Errors

Using syslog, system-related events and system errors are forwarded to the configured log host.

Request Summaries

Using syslog, the summary line of each request handled by Airlock Gateway is forwarded to the configured log host.

Blocked Requests

Using syslog, blocked request information is forwarded to the configured log host.

Events

Using syslog, events related to web requests are forwarded to the configured log host.

Specific Messages

Specifies a RegEx pattern to match against the text body of a message. Headers are not considered. All matching messages are forwarded to the configured log host.

The following characters must be escaped with a preceding backslash if they are to be included as normal characters:
"()[].*?+^$|\

Example

\"log_id\":\"WR-SG-(?:BACK-50[02]|REJECT-[0-9]+|SESS-004)\"
 
Functional limitation

A weak filter matches many log messages, resulting in a high volume of messages being forwarded. This can negatively impact performance.

  • Configure the filter to be as strict as possible.
 
Notice
  • Messages with the checkbox enabled are forwarded, regardless of any RegEx pattern specified in Specific Messages.
  • Messages that match the RegEx pattern are also forwarded—i.e., in addition to messages with the checkbox enabled.
  • If the RegEx field is left empty, it does not match any messages and has no effect on forwarding.
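
The forwarding rules from the Notice and the effect of a weak filter can be checked offline before a pattern is deployed. The following is an added example, not Airlock code: it assumes the pattern is applied as an unanchored search and evaluates it with Python's re module, and the category names and sample messages are constructed for illustration.

```python
import re

# Characters the page says must be backslash-escaped to be matched literally.
SPECIAL = set('"()[].*?+^$|\\')

def escape_literal(text):
    """Backslash-escape the characters listed above so text matches literally."""
    return "".join("\\" + c if c in SPECIAL else c for c in text)

def is_forwarded(category, body, enabled, pattern):
    """Rule from the Notice: an enabled checkbox always forwards; a non-empty
    pattern additionally forwards every message whose text body it matches."""
    if category in enabled:
        return True
    # Assumption: unanchored search, evaluated with Python's re module.
    return bool(pattern) and re.search(pattern, body) is not None

def forwarded_count(messages, enabled, pattern):
    """Number of messages that would be forwarded under the given settings."""
    return sum(is_forwarded(c, b, enabled, pattern) for c, b in messages)

# Pattern from the example in this section.
STRICT = r'\"log_id\":\"WR-SG-(?:BACK-50[02]|REJECT-[0-9]+|SESS-004)\"'
# Weak filter (constructed): matches any body that contains a log_id field.
WEAK = escape_literal('"log_id":')

# Constructed sample messages: (hypothetical category label, text body).
SAMPLES = [
    ("events", '{"log_id":"WR-SG-BACK-500","msg":"constructed"}'),
    ("events", '{"log_id":"WR-SG-BACK-501","msg":"constructed"}'),
    ("events", '{"log_id":"WR-SG-REJECT-17","msg":"constructed"}'),
    ("events", '{"log_id":"WR-SG-SESS-004","msg":"constructed"}'),
    ("events", '{"log_id":"WR-SG-SESS-0040","msg":"constructed"}'),
    ("system_errors", "plain text message, constructed"),
]

if __name__ == "__main__":
    for name, pat in (("strict", STRICT), ("weak", WEAK), ("empty", "")):
        for enabled in (set(), {"system_errors"}):
            n = forwarded_count(SAMPLES, enabled, pat)
            print(f"{name:6} checkboxes={sorted(enabled)} -> {n}/{len(SAMPLES)} forwarded")
```

The closing \" in the strict pattern is what keeps WR-SG-SESS-0040 from matching; dropping it is one way a filter becomes weaker than intended.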
