Send PacketViper logs to 3rd party Event Manager
PacketViper can be configured to forward its logs to any 3rd party event manager via Syslog. This is useful when the customer wants to integrate PacketViper logging into an existing solution for long-term storage, or to leverage existing alerting and monitoring.
By default, PacketViper sends Syslog messages on UDP port 514. To use a different port, append a colon and a port number to the IP address of the Syslog server. For example, “192.168.1.234:9999” sends the messages on port 9999.
Here is a list of facilities and log levels for the various events:
• PacketViper Events – Facility “local0”, various log levels
• Filter Events – Facility “kern”, log level “notice”
• System Messages – Various facilities and log levels
• IDS Events – Facility “local1”, log level “info”
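On the receiving side, the facility and log level arrive encoded in the leading `<PRI>` field of each message (facility × 8 + severity in standard syslog). The following is an added example, not PacketViper code: it decodes that field and sorts incoming lines into the categories listed above, and parses the "IP" or "IP:port" destination form. The function names and sample lines are constructed for illustration, and treating every other facility/level pair as "System Messages" is an assumption.

```python
import re

# Standard syslog facility and severity names, indexed by numeric code.
FACILITIES = ["kern", "user", "mail", "daemon", "auth", "syslog", "lpr", "news",
              "uucp", "cron", "authpriv", "ftp", "ntp", "audit", "alert", "clock",
              "local0", "local1", "local2", "local3",
              "local4", "local5", "local6", "local7"]
SEVERITIES = ["emerg", "alert", "crit", "err", "warning", "notice", "info", "debug"]
PRI_RE = re.compile(r"^<(\d{1,3})>")

def parse_destination(value, default_port=514):
    """Split the 'IP' or 'IP:port' destination form (IPv4 only)."""
    host, sep, port = value.partition(":")
    port = int(port) if sep else default_port   # non-numeric port raises ValueError
    if not host or not 0 < port < 65536:
        raise ValueError(f"bad syslog destination: {value!r}")
    return host, port

def decode_pri(line):
    """Return (facility, severity) from the leading <PRI> field, or None."""
    m = PRI_RE.match(line)
    if not m or int(m.group(1)) > 191:           # 23*8+7 is the highest valid PRI
        return None
    facility, severity = divmod(int(m.group(1)), 8)
    return FACILITIES[facility], SEVERITIES[severity]

def classify(line):
    """Map a raw syslog line to one of the event categories in the list above."""
    decoded = decode_pri(line)
    if decoded is None:
        return "unparsed"
    facility, severity = decoded
    if facility == "local0":                     # any log level
        return "PacketViper Events"
    if (facility, severity) == ("kern", "notice"):
        return "Filter Events"
    if (facility, severity) == ("local1", "info"):
        return "IDS Events"
    return "System Messages"                     # assumption: everything else

# Constructed sample lines; the message bodies are placeholders, not real output.
SAMPLES = ["<132>constructed local0.warning message",
           "<5>constructed kern.notice message",
           "<142>constructed local1.info message",
           "<30>constructed daemon.info message",
           "line without a PRI field"]

if __name__ == "__main__":
    for s in SAMPLES:
        print(f"{classify(s):20} {decode_pri(s)}")
```

Lines that fall into "unparsed" are worth counting on the collector, since a rise there usually means a relay is stripping or rewriting the priority field.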