Generic Syslog

Jamf Protect Documentation


You can use a Jamf Security Cloud data stream to send event data to a syslog server.

Requirements
  • Super Admin privileges in Jamf Security Cloud
  • The connection details (hostname, port) for the server to which you want to send the events
  • A server that can accept syslog over TLS and uses a certificate signed by an authority in the Common CA Database
  • (If applicable) A firewall configured to allow external connections to the configured TCP port from the Data Stream IP addresses. These addresses are listed under Advanced Settings on the Data Stream page in Jamf Security Cloud.
  • (If applicable) If you use client authentication, the Wandera CA added as a trusted source.

  1. In Jamf Security Cloud, navigate to Integrations > Data Streams.
  2. Click New configuration.
  3. Select a data stream type.

    For more information about data stream types, see Jamf Security Cloud Data Stream Types and Targets.

  4. Select Generic Syslog as your data stream target type, and then click Continue.
  5. Configure your Syslog server:
    1. Enter a configuration name.
    2. Enter your syslog server name or IP address in the Server Hostname/IP field.
    3. Enter the port in the Port field.
  6. (Optional) Configure any Advanced settings:
    1. Choose the event framing method. This setting enables integration with tools that use an older method to frame syslog messages.
    2. Rename the default field names to suitable values.
    3. Define a value for an optional Token field that will be sent with each message.

      This can be used to authenticate the events on the server.

    4. Customize the log message and select which fields are included.
  7. Click Test Configuration.
  8. Use the Enable configuration switch to turn on the data stream.
  9. Click Save.

Events for the data stream type are sent to the configured server in real time.
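
On the receiving server, the framing method and Token field from the Advanced settings determine how incoming bytes are split into events and which events are trusted. The following is an added example, not code from Jamf: it assumes the framing options correspond to RFC 6587 octet counting and newline-delimited framing, and that the token arrives as a `token=VALUE` pair; the function names and the token value are hypothetical.

```python
import hmac
import re

# Assumptions (not from the Jamf documentation): the token value, and that each
# message carries it as a "token=VALUE" pair. Match both to your data stream.
EXPECTED_TOKEN = b"example-shared-token"   # constructed sample value
TOKEN_RE = re.compile(rb"(?:^|\s)token=(\S+)")
MAX_FRAME = 64 * 1024                      # refuse absurd lengths


def split_frames(buf: bytes):
    """Split received bytes into messages; return (messages, leftover tail)."""
    msgs = []
    while buf:
        if buf[:1].isdigit():                      # octet counting: "LEN SP MSG"
            head, sep, rest = buf.partition(b" ")
            if not head.isdigit() or len(head) > 7 or int(head) > MAX_FRAME:
                raise ValueError("bad syslog frame length")
            if not sep or len(rest) < int(head):
                break                              # incomplete, wait for more
            msgs.append(rest[:int(head)])
            buf = rest[int(head):]
        else:                                      # newline-delimited framing
            line, sep, rest = buf.partition(b"\n")
            if not sep:
                if len(buf) > MAX_FRAME:
                    raise ValueError("unterminated syslog line")
                break
            if line:
                msgs.append(line)
            buf = rest
    return msgs, buf


def token_ok(msg: bytes) -> bool:  # constant-time comparison of the token
    m = TOKEN_RE.search(msg)
    return m is not None and hmac.compare_digest(m.group(1), EXPECTED_TOKEN)


def filter_stream(buf: bytes):  # returns (accepted, rejected, leftover)
    msgs, rest = split_frames(buf)
    accepted = [m for m in msgs if token_ok(m)]
    rejected = [m for m in msgs if not token_ok(m)]
    return accepted, rejected, rest


if __name__ == "__main__":  # constructed sample: one good frame, one bad line
    good = b"<134>1 - host app - - - token=example-shared-token event=a"
    print(filter_stream(b"%d %s<134>x token=bad\n" % (len(good), good)))
```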