Red Canary’s syslog integration allows you to send syslog messages to a syslog receiver as part of an automation playbook.
The most common use of the syslog action is sending data to a SIEM or log collection platform, though we recommend using webhooks whenever possible because they are more modern, customizable, and reliable.
Adding a syslog automation action
To send a syslog message as part of an automation playbook:
- Within any playbook, click Add Action.
- Click Syslog > Send Syslog Message > Add to Playbook.
- Specify the Server Domain/IP that is configured to receive messages. If you are using source restriction, the IP addresses that you need to allow messages from are listed on the form.
- Specify the Server Port that messages should be sent to.
- Select the Syslog Program, Syslog Facility, and Syslog Severity that you want messages from Red Canary to use.
- Specify the syslog Message that you want sent to the syslog receiver.
- Click Save.
What if my syslog server doesn’t support TLS/SSL?
Be very careful about the security of any application that is exposed to the internet. At a minimum, use IP source restrictions to only allow traffic from trusted sources (the IP addresses used by Red Canary are specified on the syslog action configuration form).
To disable Red Canary’s TLS/SSL requirement, set the Protocol to TCP or UDP. With either setting, messages are sent without TLS encryption.
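The source restriction recommended above can also be enforced on the receiver itself. The following is an added example, not Red Canary code: it checks the sender address against an allowlist and confirms that the message priority matches the facility and severity chosen in the playbook action. The allowlist range, the expected facility and severity, the program name `redcanary`, and the sample lines are all constructed placeholders.

```python
import ipaddress
import re

# Placeholder allowlist (RFC 5737 documentation range). Replace with the
# addresses listed on the Red Canary syslog action configuration form.
ALLOWED_SOURCES = [ipaddress.ip_network("203.0.113.0/28")]

# Values assumed to be selected in the playbook action (constructed).
EXPECTED_FACILITY = "local4"
EXPECTED_SEVERITY = "notice"

FACILITIES = ("kern user mail daemon auth syslog lpr news uucp cron authpriv "
              "ftp ntp audit alert clock local0 local1 local2 local3 local4 "
              "local5 local6 local7").split()
SEVERITIES = "emerg alert crit err warning notice info debug".split()
PRI_RE = re.compile(r"^<(\d{1,3})>")


def source_allowed(addr, allowed=ALLOWED_SOURCES):
    """True only if the peer address falls inside an allowlisted network."""
    try:
        ip = ipaddress.ip_address(addr)
    except ValueError:
        return False
    return any(ip in net for net in allowed)


def decode_pri(line):
    """Return (facility, severity) from the leading <PRI>, or None if invalid."""
    m = PRI_RE.match(line)
    if not m or int(m.group(1)) > 191:
        return None
    pri = int(m.group(1))
    return FACILITIES[pri >> 3], SEVERITIES[pri & 7]


def triage(peer_addr, line):
    """Classify one received line: 'drop', 'quarantine' or 'accept'."""
    if not source_allowed(peer_addr):
        return "drop"            # not from an allowlisted sender
    if decode_pri(line) != (EXPECTED_FACILITY, EXPECTED_SEVERITY):
        return "quarantine"      # allowed source, unexpected or malformed PRI
    return "accept"


# Constructed sample lines; local4.notice encodes as 20 * 8 + 5 = 165.
SAMPLES = [
    ("203.0.113.5", "<165>Jan 12 10:15:02 sender redcanary: sample message"),
    ("198.51.100.7", "<165>Jan 12 10:15:03 sender redcanary: sample message"),
    ("203.0.113.5", "<14>Jan 12 10:15:04 sender redcanary: sample message"),
]
```

Over UDP the source address of a datagram can be forged, so an address allowlist is a stronger control when the Protocol is TCP or TLS.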