Syslog Collector applet - Learn more about the Broker VM Syslog Collector applet. - Administrator Guide - Cortex CLOUD

Cortex Cloud Runtime Security Documentation

Product: Cortex Cloud Application Security > Cortex CLOUD
License: Cloud Runtime Security
Creation date: 2024-12-24
Last date published: 2026-06-04
Category: Administrator Guide

Abstract: Learn more about the Broker VM Syslog Collector applet.

The Syslog Collector applet on a Broker VM enables you to collect Syslog data from an external source. The following topics describe the applet:

  • How to activate Syslog Collector? See Activate Syslog Collector.

  • How to ingest logs from a Syslog receiver? See Ingest logs from a Syslog receiver.

  • Different types of vendor logs to ingest with a Syslog Collector applet: see Links to content pack/integration details.

The Syslog content pack enables automated issue creation by acting as a Syslog server for incoming logs, while also allowing the platform to act as a Syslog client to send messages and mirror investigation activities to external Syslog destinations. It contains the following integrations:

  • Syslog Sender: Use this integration to send messages in RFC 5424 message format and mirror incident War Room entries to Syslog. It includes the mirror-investigation, send-notification, and syslog-send commands.

  • Syslog v2: Use this integration to act as a long-running Syslog server, supporting RFC 3164, RFC 5424, and RFC 6587 formats, which enables automatically opening issues from Syslog clients. This integration is configured using parameters such as Port mapping, Certificate, Private Key, and a Message Regex Filter for issue creation.
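As an added example (not code from the Syslog content pack or the Syslog v2 integration), the following Python shows the three pieces the Syslog v2 bullet names: RFC 6587 octet-counted framing on a TCP byte stream, header parsing for RFC 5424 and RFC 3164 messages, and a message regex filter that selects which messages would become issues. The sample messages, the host name fw01 and all function names are constructed for this example and are not the integration's own API.

```python
import re
# Message formats the Syslog v2 integration accepts (RFC 5424 and RFC 3164 headers).
RFC5424 = re.compile(r"^<(?P<pri>\d{1,3})>1 (?P<ts>\S+) (?P<host>\S+) (?P<app>\S+) "
                     r"(?P<procid>\S+) (?P<msgid>\S+) (?P<sd>-|(?:\[.*?\])+) ?(?P<msg>.*)$", re.S)
RFC3164 = re.compile(r"^<(?P<pri>\d{1,3})>(?P<ts>[A-Z][a-z]{2} [ \d]\d \d\d:\d\d:\d\d) "
                     r"(?P<host>\S+) (?P<msg>.*)$", re.S)

def frame_octet_counted(messages):
    """Sender side: RFC 6587 octet counting, 'MSG-LEN SP SYSLOG-MSG' per message."""
    return b"".join(b"%d %s" % (len(m), m) for m in messages)

def split_octet_counted(stream):
    """Receiver side: split a TCP stream into complete messages; returns (messages, partial_tail)."""
    out, pos = [], 0
    while pos < len(stream):
        sp = stream.find(b" ", pos)
        if sp == -1:                          # header still incomplete, wait for more bytes
            break
        if not stream[pos:sp].isdigit():
            raise ValueError("bad octet-count header at offset %d" % pos)
        length = int(stream[pos:sp])
        body = stream[sp + 1:sp + 1 + length]
        if len(body) < length:                # body still incomplete, keep it in the tail
            break
        out.append(body)
        pos = sp + 1 + length
    return out, stream[pos:]

def parse_syslog(raw):
    """Parse one message; facility and severity are decoded from the <PRI> field."""
    text = raw.decode("utf-8", errors="replace")
    m = RFC5424.match(text) or RFC3164.match(text)
    if not m:
        return {"format": "unknown", "msg": text}
    d = m.groupdict()
    pri = int(d.pop("pri"))
    d.update(facility=pri >> 3, severity=pri & 7,
             format="rfc5424" if m.re is RFC5424 else "rfc3164")
    return d

def issues_for(stream, message_regex):
    """Apply the issue-creation regex filter; only matching messages are returned."""
    pattern = re.compile(message_regex)
    messages, _ = split_octet_counted(stream)
    return [p for p in map(parse_syslog, messages) if pattern.search(p["msg"])]
# Constructed sample traffic: one RFC 5424 and one RFC 3164 message from host "fw01".
SAMPLE = frame_octet_counted([
    b"<34>1 2024-12-24T10:00:00Z fw01 sshd 4711 ID1 - Failed password for invalid user admin",
    b"<13>Dec 24 10:00:01 fw01 cron[220]: job finished",
])
```

Running `issues_for(SAMPLE, r"Failed password")` returns only the parsed sshd message, and `split_octet_counted(SAMPLE[:-5])` returns one complete message plus the truncated frame as the tail, which a receiver would prepend to the next read.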