# Syslog Sender

This integration is part of the Syslog Pack.

Supported Cortex XSOAR versions: 5.5.0 and later.

## Overview

Use the Syslog Sender integration to send messages in RFC 5424 message format and to mirror incident War Room entries to Syslog.
## Use Cases

- Send messages to Syslog via TCP, UDP, or TLS.
- Mirror incident War Room entries to Syslog.
## Configure Syslog Sender on Cortex XSOAR

### Usage example for rsyslog

To allow Cortex XSOAR to send messages to rsyslog, the following lines have to be present in the rsyslog configuration:

For TCP:

For UDP:
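An rsyslog receiver configuration that opens the listeners the text refers to, added here as an example and not taken from the integration's own documentation. The file location (`/etc/rsyslog.d/`) and port 514 are assumptions; use the port you configure in the integration instance.

```conf
# Added example: rsyslog listeners for the Syslog Sender integration.
# Assumed to live in /etc/rsyslog.d/10-xsoar.conf; port 514 is an example value.

# For TCP:
module(load="imtcp")
input(type="imtcp" port="514")

# For UDP:
module(load="imudp")
input(type="imudp" port="514")
```

Only load the module for the protocol the integration instance actually uses; each `input` opens a listening port, so an unused listener is unnecessary exposure. Restart rsyslog after editing the file and confirm with `ss -lntu` (or `netstat -lntu`) that the port is listening before running the integration's Test button. Older rsyslog versions use the legacy directives `$ModLoad imtcp` / `$InputTCPServerRun 514` and `$ModLoad imudp` / `$UDPServerRun 514` for the same purpose.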
### Integration configuration

1. Navigate to **Settings** > **Integrations** > **Servers & Services**.
2. Search for **Syslog Sender**.
3. Click **Add instance** to create and configure a new integration instance.
   - **Name**: a textual name for the integration instance.
   - **IP Address** (e.g. 127.0.0.1)
   - **Port**
   - **Protocol** (TCP / UDP)
   - **Minimum severity of incidents to send messages on**
   - **Log level to send**
   - **Facility**
   - **Long running instance**. Required for investigation mirroring.
   - **Incident type**
4. Click **Test** to validate the URLs, token, and connection.
## Commands

You can execute these commands from the Cortex XSOAR CLI, as part of an automation, or in a playbook. After you successfully execute a command, a DBot message appears in the War Room with the command details.

1. mirror-investigation
2. send-notification
3. syslog-send
### 1. mirror-investigation

Mirrors the investigation's War Room to Syslog.

#### Base Command

`mirror-investigation`

#### Input

| Argument Name | Description | Required |
| --- | --- | --- |
| type | The mirroring type. Can be "all", which mirrors everything, "chat", which mirrors only chats (not commands), or "none", which stops all mirroring. | Optional |

#### Context Output

There is no context output for this command.

#### Command Example

`!mirror-investigation`

#### Human Readable Output

Investigation mirrored successfully.
### 2. send-notification

Sends a message to Syslog.

#### Base Command

`send-notification`

#### Input

| Argument Name | Description | Required |
| --- | --- | --- |
| message | The message content. | Optional |
| entry | An entry ID to send as a link. | Optional |
| ignoreAddURL | Whether to include a URL to the relevant component in Cortex XSOAR. Can be "true" or "false". The default value is "false". | Optional |
| level | The log level to send. Can be "DEBUG", "INFO", "WARNING", "ERROR", or "CRITICAL". | Optional |

#### Context Output

There is no context output for this command.

#### Command Example

`!send-notification message=Test ignoreAddURL=true`

#### Human Readable Output

Message sent to Syslog successfully.
### 3. syslog-send

Sends a message to Syslog.

#### Base Command

`syslog-send`

#### Input

| Argument Name | Description | Required |
| --- | --- | --- |
| message | The message content. | Optional |
| level | The log level to send. Can be "DEBUG", "INFO", "WARNING", "ERROR", or "CRITICAL". | Optional |
| address | The Syslog server address. | Optional |
| protocol | The protocol to use. | Optional |
| port | The Syslog server port (required for the TCP and UDP protocols). | Optional |
| facility | The Syslog facility. | Optional |

#### Context Output

There is no context output for this command.

#### Command Example

`!syslog-send address=127.0.0.1 port=514 protocol=TCP message=yo level=ERROR`

#### Human Readable Output

Message sent to Syslog successfully.
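The RFC 5424 layout the Overview refers to, and the `address`, `port`, `protocol`, `level` and `facility` arguments of `syslog-send`, worked through as an added Python example. This is not the integration's own code: the hostname `xsoar`, the app name `SyslogSender`, LF framing on TCP, and the `send` helper are assumptions; the level names and the severity/facility numbers come from the command table above and from RFC 5424 section 6.2.1.

```python
"""Build an RFC 5424 syslog line and deliver it over UDP, TCP or TLS.

Added example, not the Syslog Sender integration's code. Hostname, app name and
the TCP framing choice are assumptions.
"""
import socket
import ssl
from datetime import datetime, timezone
from typing import Optional

# Severity codes (RFC 5424 section 6.2.1), keyed by the level names the
# integration's "level" argument accepts.
SEVERITY = {"DEBUG": 7, "INFO": 6, "WARNING": 4, "ERROR": 3, "CRITICAL": 2}

# Facility codes (RFC 5424 section 6.2.1); a subset is enough for the example.
FACILITY = {"kern": 0, "user": 1, "daemon": 3, "auth": 4, "syslog": 5,
            "local0": 16, "local1": 17, "local2": 18, "local3": 19,
            "local4": 20, "local5": 21, "local6": 22, "local7": 23}


def priority(facility: str, level: str) -> int:
    """PRI = facility * 8 + severity, the number inside the leading <...>."""
    return FACILITY[facility.lower()] * 8 + SEVERITY[level.upper()]


def format_rfc5424(message: str, level: str = "INFO", facility: str = "user",
                   hostname: str = "xsoar", app_name: str = "SyslogSender",
                   timestamp: Optional[datetime] = None) -> str:
    """Return '<PRI>1 TIMESTAMP HOSTNAME APP-NAME PROCID MSGID SD MSG'.

    PROCID, MSGID and STRUCTURED-DATA are sent as NILVALUE ("-"). The timestamp
    must be timezone-aware because RFC 5424 requires an RFC 3339 timestamp.
    """
    ts = timestamp or datetime.now(timezone.utc)
    if ts.tzinfo is None:
        raise ValueError("timestamp must be timezone-aware")
    # A CR/LF inside the text would let one message masquerade as several
    # records on a newline-framed stream, so collapse them to spaces.
    msg = message.replace("\r", " ").replace("\n", " ")
    return f"<{priority(facility, level)}>1 {ts.isoformat()} {hostname} {app_name} - - - {msg}"


def frame_for_tcp(line: str, octet_counting: bool = False) -> bytes:
    """Frame one record for a stream transport (RFC 6587).

    Non-transparent framing ends each record with LF (what rsyslog's imtcp
    accepts by default); octet counting prefixes the byte length instead.
    """
    data = line.encode("utf-8")
    if octet_counting:
        return f"{len(data)} ".encode("ascii") + data
    return data + b"\n"


def send(line: str, address: str, port: int, protocol: str = "UDP",
         tls_context: Optional[ssl.SSLContext] = None) -> int:
    """Deliver a formatted line; returns the number of bytes handed to the socket."""
    proto = protocol.upper()
    if proto == "UDP":
        payload = line.encode("utf-8")
        with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
            return sock.sendto(payload, (address, port))
    if proto not in ("TCP", "TLS"):
        raise ValueError(f"unsupported protocol {protocol!r}")
    payload = frame_for_tcp(line)
    sock = socket.create_connection((address, port), timeout=5)
    if proto == "TLS":
        # The default context verifies the server certificate and hostname.
        ctx = tls_context or ssl.create_default_context()
        sock = ctx.wrap_socket(sock, server_hostname=address)
    with sock:
        sock.sendall(payload)
    return len(payload)


if __name__ == "__main__":
    # Same fields as the !syslog-send example above; "user" facility assumed.
    record = format_rfc5424("yo", level="ERROR", facility="user")
    print(record)
    # send(record, "127.0.0.1", 514, "TCP")
```

The PRI value is what a receiver uses to route and filter: with facility `local0` and level `ERROR` the line starts with `<131>` (16 * 8 + 3), so an rsyslog rule such as `local0.err` matches it. Keep certificate verification on for TLS; a context with verification disabled lets any host on the path impersonate the collector.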
## Troubleshooting

Make sure the Syslog server is reachable at the configured IP address and that the port is open.