
Chapter 10. Integrating by using the syslog protocol


Syslog is an event logging protocol that applications use to send messages to a central location, such as a SIEM or a syslog collector, for data retention and security investigations. With Red Hat Advanced Cluster Security for Kubernetes, you can send alerts and audit events using the syslog protocol.

Note
  • Forwarding events by using the syslog protocol requires the Red Hat Advanced Cluster Security for Kubernetes version 3.0.52 or newer.
  • When you use the syslog integration, Red Hat Advanced Cluster Security for Kubernetes forwards both violation alerts that you configure and all audit events.
  • Currently, Red Hat Advanced Cluster Security for Kubernetes only supports CEF (Common Event Format).

The following steps represent a high-level workflow for integrating Red Hat Advanced Cluster Security for Kubernetes with a syslog events receiver:

  1. Set up a syslog events receiver to receive alerts.
  2. Use the receiver’s address and port number to set up notifications in Red Hat Advanced Cluster Security for Kubernetes.

After the configuration, Red Hat Advanced Cluster Security for Kubernetes automatically sends all violations and audit events to the configured syslog receiver.

10.1. Configuring syslog integration with Red Hat Advanced Cluster Security for Kubernetes

Create a new syslog integration in Red Hat Advanced Cluster Security for Kubernetes (RHACS).

Procedure

  1. In the RHACS portal, go to Platform Configuration → Integrations.
  2. Scroll down to the Notifier Integrations section and select Syslog.
  3. Click New Integration (add icon).
  4. Enter a name for Integration Name.
  5. Select the Logging Facility value from local0 through local7.
  6. Enter your Receiver Host address and Receiver Port number.
  7. If you are using TLS, turn on the Use TLS toggle.
  8. If your syslog receiver uses a certificate that is not trusted, turn on the Disable TLS Certificate Validation (Insecure) toggle. Otherwise, leave this toggle off.
  9. Click Add new extra field to add extra fields. For example, if your syslog receiver accepts objects from multiple sources, type source and rhacs in the Key and Value fields.

    You can filter using the custom values in your syslog receiver to identify all alerts from RHACS.

  10. Select Test (checkmark icon) to send a test message to verify that the integration with your syslog receiver is working.
  11. Select Create (save icon) to create the configuration.
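An added example (not RHACS code) of what the receiving side does with these settings: it decodes the syslog PRI into the logging facility chosen in step 5, splits the CEF header and extension, and keeps only events carrying the extra field from step 9 (source=rhacs). The message lines and CEF header values are constructed; the page does not show the exact fields RHACS emits.

```python
"""Parse syslog/CEF lines and keep the events tagged by the RHACS extra field.
Added example, not RHACS code; messages and CEF header values are constructed."""
import re
FACILITY = {16 + i: f"local{i}" for i in range(8)}   # PRI = facility*8 + severity
PRI_RE = re.compile(r"^<(\d{1,3})>")
EXT_RE = re.compile(r"(\w+)=(.*?)(?=\s\w+=|$)")      # value runs to the next " key="
HEADER = ["cef_version", "vendor", "product", "version", "signature_id", "name", "cef_severity"]

def split_cef_header(cef):
    """Split the 7 pipe-delimited header fields off the extension; '\\|' escapes a pipe."""
    fields, cur, i = [], [], 0
    while i < len(cef) and len(fields) < 7:
        ch = cef[i]
        if ch == "\\" and i + 1 < len(cef):
            cur.append(cef[i + 1]); i += 2           # keep the escaped char literally
        elif ch == "|":
            fields.append("".join(cur)); cur = []; i += 1
        else:
            cur.append(ch); i += 1
    if len(fields) != 7:
        raise ValueError("malformed CEF header")
    return fields, cef[i:]

def parse_syslog_cef(line):
    """Flatten one syslog line (PRI + CEF payload) into a dict, or None if not CEF."""
    m, idx = PRI_RE.match(line), line.find("CEF:")
    if not m or idx < 0:
        return None                                  # not CEF: other pipelines handle it
    pri = int(m.group(1))
    rec = {"facility": FACILITY.get(pri // 8, str(pri // 8)), "syslog_severity": str(pri % 8)}
    header, ext = split_cef_header(line[idx + 4:])
    rec.update(zip(HEADER, header))
    for key, val in EXT_RE.findall(ext.strip()):     # undo CEF '\=' and '\\' escapes
        rec[key] = val.replace("\\=", "=").replace("\\\\", "\\")
    return rec

def rhacs_events(lines, key="source", value="rhacs"):
    """Keep only events carrying the extra field set in the RHACS integration."""
    recs = (parse_syslog_cef(l) for l in lines)
    return [r for r in recs if r and r.get(key) == value]

# Constructed sample traffic (RFC 5424 framing); PRI 134 = local0 (16*8) + info (6).
SAMPLE_LINES = [
    "<134>1 2024-05-01T12:00:00Z central rhacs - - - CEF:0|Red Hat|RHACS|4.4|"
    "POLICY_VIOLATION|Latest tag \\| image|7|source=rhacs policy=Latest tag msg=Image uses latest tag",
    "<134>1 2024-05-01T12:00:01Z central rhacs - - - CEF:0|Red Hat|RHACS|4.4|AUDIT|User login|3|"
    "source=rhacs user=alice\\=admin",
    "<134>1 2024-05-01T12:00:02Z fw01 fwd - - - CEF:0|ExampleVendor|Firewall|1.0|100|Drop|3|src=192.0.2.10",
    "<13>May  1 12:00:03 host1 sshd[1]: Accepted publickey for bob",
]
```

Running `rhacs_events(SAMPLE_LINES)` returns only the two RHACS records; the firewall CEF event and the plain sshd line are dropped.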
© 2024 Red Hat, Inc.