In order to integrate with syslog, there are several options.
We support syslog over TCP (plaintext and over TLS) as well as over UDP.
We support both RFC 3164 and RFC 5424. In addition to that, we support SonicWall extended syslog messages
Below is a list of endpoints and ports for each supported variant. We recommend TCP over TLS for most installations. However, some setups lack the needed flexibility, so fallback to plaintext TCP or UDP may be needed. In such cases there’s an option for a VPN tunnel (for enterprise customers), or a more complicated internal setup with a intermediate syslog forwarder.
syslog.logsentinel.com:514 - plaintext TCP
syslog.logsentinel.com:515 - TCP over TLS
syslogudp.logsentinel.com:1516 - plaintext UDP
We have a syslog configuration script which you can download and run configure-syslog.sh. It configures a syslog template that allows authenticating against LogSentinel Trails. The important line for authentication is this:
\$template LogSentinelFormat,\"<%pri%>%protocol-version% %timestamp:::date-rfc3339% %HOSTNAME% %app-name% %procid% %msgid% [[email protected]$LOGSENTINEL_DISTRIBUTION_ID organizationId=\\\"$LOGSENTINEL_ORG_ID\\\" secret=\\\"$LOGSENTINEL_ORG_SECRET\\\" applicationId=\\\"$LOGSENTINEL_APP_ID\\\" tag=\\\"RsyslogTLS\\\"] %msg%\n\"
SonicWall and other devices can be authenticated using a syslogId that is configured per device. You can obtain the syslogId (which effectively comprises of an ID and secret) from the API credentials page.