Create a new syslog integration.
You must have View/Edit Alert Notification permissions to run this endpoint.
Authorization (String, required): {api_key}
Example value: authorization_example
x-xdr-auth-id (String, required): {api_key_id}
Example value: xXdrAuthId_example
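# Create a syslog integration through the public API.
# The generated sample sends an empty body; a real call must send a JSON object
# with a "request_data" member (see the field reference on this page).
# Replace the two header placeholders with your API key and API key ID. Avoid
# typing the real key directly on the command line, where it ends up in shell history.
curl -X 'POST' \
  -H 'Accept: application/json' \
  -H 'Content-Type: application/json' \
  -H 'Authorization: authorization_example' \
  -H 'x-xdr-auth-id: xXdrAuthId_example' \
  'https://api-yourfqdn/public_api/v1/integrations/syslog/create' \
  -d ''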
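import http.client
import json

# Placeholders: supply the API key and API key ID at runtime (environment or a
# secret store) rather than committing them with the script.
headers = {
    'Authorization': "SOME_STRING_VALUE",
    'x-xdr-auth-id': "SOME_STRING_VALUE",
    'content-type': "application/json"
}

# security_info is only needed when protocol is TLS. ignore_cert_errors is left
# False so that logs are not forwarded to a server whose certificate fails
# validation; setting it to True is documented as not recommended.
payload = json.dumps({
    "request_data": {
        "name": "string",
        "address": "string",
        "port": 0,
        "protocol": "TCP",
        "facility": "string",
        "security_info": {
            "certificate_name": "string",
            "ignore_cert_errors": False,
            "certificate_content": "string"
        }
    }
})

# HTTPSConnection verifies the API server's certificate with the default context.
conn = http.client.HTTPSConnection("api-yourfqdn")
try:
    conn.request("POST", "/public_api/v1/integrations/syslog/create", payload, headers)
    res = conn.getresponse()
    data = res.read()
finally:
    # Release the socket even when the request fails.
    conn.close()
print(data.decode("utf-8"))
require 'uri'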
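require 'net/http'
require 'openssl'

url = URI("https://api-yourfqdn/public_api/v1/integrations/syslog/create")

http = Net::HTTP.new(url.host, url.port)
http.use_ssl = true
# Verify the API server's certificate. This request carries the API key in its
# headers, so the peer must be authenticated before anything is sent.
http.verify_mode = OpenSSL::SSL::VERIFY_PEER

request = Net::HTTP::Post.new(url)
# Placeholders: load the API key and API key ID at runtime instead of hard-coding them.
request["Authorization"] = 'SOME_STRING_VALUE'
request["x-xdr-auth-id"] = 'SOME_STRING_VALUE'
request["content-type"] = 'application/json'
# security_info is only needed when protocol is TLS. ignore_cert_errors is false
# so logs are not forwarded to a server whose certificate fails validation.
request.body = "{\"request_data\":{\"name\":\"string\",\"address\":\"string\",\"port\":0,\"protocol\":\"TCP\",\"facility\":\"string\",\"security_info\":{\"certificate_name\":\"string\",\"ignore_cert_errors\":false,\"certificate_content\":\"string\"}}}"

response = http.request(request)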
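puts response.read_body
// Request body for the syslog integration. security_info is only needed when
// protocol is TLS; ignore_cert_errors is false so logs are not forwarded to a
// server whose certificate fails validation.
const data = JSON.stringify({
  "request_data": {
    "name": "string",
    "address": "string",
    "port": 0,
    "protocol": "TCP",
    "facility": "string",
    "security_info": {
      "certificate_name": "string",
      "ignore_cert_errors": false,
      "certificate_content": "string"
    }
  }
});

const xhr = new XMLHttpRequest();
// NOTE(review): withCredentials also sends the browser's cookies for the API origin.
// The endpoint authenticates with the two headers below, so confirm this is needed.
xhr.withCredentials = true;

// Log the response body once the request has completed.
xhr.addEventListener("readystatechange", function () {
  if (this.readyState === this.DONE) {
    console.log(this.responseText);
  }
});

xhr.open("POST", "https://api-yourfqdn/public_api/v1/integrations/syslog/create");
// Placeholders: an API key embedded in page script is readable by anyone who can
// load the page, so keep real keys on the server side.
xhr.setRequestHeader("Authorization", "SOME_STRING_VALUE");
xhr.setRequestHeader("x-xdr-auth-id", "SOME_STRING_VALUE");
xhr.setRequestHeader("content-type", "application/json");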
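xhr.send(data);
// POST the integration definition. The two auth headers are placeholders: load
// the API key and API key ID at runtime instead of hard-coding them.
// security_info is only needed when protocol is TLS; ignore_cert_errors is false
// so logs are not forwarded to a server whose certificate fails validation.
HttpResponse<String> response = Unirest.post("https://api-yourfqdn/public_api/v1/integrations/syslog/create")
  .header("Authorization", "SOME_STRING_VALUE")
  .header("x-xdr-auth-id", "SOME_STRING_VALUE")
  .header("content-type", "application/json")
  .body("{\"request_data\":{\"name\":\"string\",\"address\":\"string\",\"port\":0,\"protocol\":\"TCP\",\"facility\":\"string\",\"security_info\":{\"certificate_name\":\"string\",\"ignore_cert_errors\":false,\"certificate_content\":\"string\"}}}")
  .asString();
import Foundation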
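// Placeholders: load the API key and API key ID at runtime instead of hard-coding them.
let headers = [
  "Authorization": "SOME_STRING_VALUE",
  "x-xdr-auth-id": "SOME_STRING_VALUE",
  "content-type": "application/json"
]

// security_info is only needed when protocol is TLS. ignore_cert_errors is false
// so logs are not forwarded to a server whose certificate fails validation.
let parameters: [String: Any] = ["request_data": [
  "name": "string",
  "address": "string",
  "port": 0,
  "protocol": "TCP",
  "facility": "string",
  "security_info": [
    "certificate_name": "string",
    "ignore_cert_errors": false,
    "certificate_content": "string"
  ] as [String: Any]
] as [String: Any]]

// JSONSerialization.data(withJSONObject:options:) throws, so the call needs `try`.
let postData = try JSONSerialization.data(withJSONObject: parameters, options: [])

var request = URLRequest(url: URL(string: "https://api-yourfqdn/public_api/v1/integrations/syslog/create")!,
                         cachePolicy: .useProtocolCachePolicy,
                         timeoutInterval: 10.0)
request.httpMethod = "POST"
request.allHTTPHeaderFields = headers
request.httpBody = postData

let session = URLSession.shared
// Print the transport error if there is one, otherwise the HTTP response object.
let dataTask = session.dataTask(with: request) { data, response, error in
  if let error = error {
    print(error)
  } else {
    let httpResponse = response as? HTTPURLResponse
    print(httpResponse as Any)
  }
}
dataTask.resume()
<?php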
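$curl = curl_init();

// Configure the POST request. The two auth headers are placeholders: load the API
// key and API key ID at runtime instead of hard-coding them.
// security_info is only needed when protocol is TLS; ignore_cert_errors is false
// so logs are not forwarded to a server whose certificate fails validation.
curl_setopt_array($curl, [
  CURLOPT_URL => "https://api-yourfqdn/public_api/v1/integrations/syslog/create",
  CURLOPT_RETURNTRANSFER => true,
  CURLOPT_ENCODING => "",
  CURLOPT_MAXREDIRS => 10,
  CURLOPT_TIMEOUT => 30,
  CURLOPT_HTTP_VERSION => CURL_HTTP_VERSION_1_1,
  CURLOPT_CUSTOMREQUEST => "POST",
  CURLOPT_POSTFIELDS => "{\"request_data\":{\"name\":\"string\",\"address\":\"string\",\"port\":0,\"protocol\":\"TCP\",\"facility\":\"string\",\"security_info\":{\"certificate_name\":\"string\",\"ignore_cert_errors\":false,\"certificate_content\":\"string\"}}}",
  CURLOPT_HTTPHEADER => [
    "Authorization: SOME_STRING_VALUE",
    "content-type: application/json",
    "x-xdr-auth-id: SOME_STRING_VALUE"
  ],
]);

$response = curl_exec($curl);
// Capture the error text before the handle is closed.
$err = curl_error($curl);
curl_close($curl);

if ($err) {
  echo "cURL Error #:" . $err;
} else {
  echo $response;
}
CURL *hnd = curl_easy_init();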
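curl_easy_setopt(hnd, CURLOPT_CUSTOMREQUEST, "POST");
curl_easy_setopt(hnd, CURLOPT_URL, "https://api-yourfqdn/public_api/v1/integrations/syslog/create");

/* Placeholders: load the API key and API key ID at runtime instead of hard-coding them. */
struct curl_slist *headers = NULL;
headers = curl_slist_append(headers, "Authorization: SOME_STRING_VALUE");
headers = curl_slist_append(headers, "x-xdr-auth-id: SOME_STRING_VALUE");
headers = curl_slist_append(headers, "content-type: application/json");
curl_easy_setopt(hnd, CURLOPT_HTTPHEADER, headers);

/* security_info is only needed when protocol is TLS. ignore_cert_errors is false
 * so logs are not forwarded to a server whose certificate fails validation. */
curl_easy_setopt(hnd, CURLOPT_POSTFIELDS, "{\"request_data\":{\"name\":\"string\",\"address\":\"string\",\"port\":0,\"protocol\":\"TCP\",\"facility\":\"string\",\"security_info\":{\"certificate_name\":\"string\",\"ignore_cert_errors\":false,\"certificate_content\":\"string\"}}}");

CURLcode ret = curl_easy_perform(hnd);

/* Free the header list and the handle; the list holds the API key string. */
curl_slist_free_all(headers);
curl_easy_cleanup(hnd);
var client = new RestClient("https://api-yourfqdn/public_api/v1/integrations/syslog/create");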
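var request = new RestRequest(Method.POST);
// Placeholders: load the API key and API key ID at runtime instead of hard-coding them.
request.AddHeader("Authorization", "SOME_STRING_VALUE");
request.AddHeader("x-xdr-auth-id", "SOME_STRING_VALUE");
request.AddHeader("content-type", "application/json");
// security_info is only needed when protocol is TLS. ignore_cert_errors is false
// so logs are not forwarded to a server whose certificate fails validation.
request.AddParameter("application/json", "{\"request_data\":{\"name\":\"string\",\"address\":\"string\",\"port\":0,\"protocol\":\"TCP\",\"facility\":\"string\",\"security_info\":{\"certificate_name\":\"string\",\"ignore_cert_errors\":false,\"certificate_content\":\"string\"}}}", ParameterType.RequestBody);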
IRestResponse response = client.Execute(request);
request_data (object): A dictionary containing the API request fields.
name (string): Unique name for the syslog server integration.
address (string): IP address or fully qualified domain name (FQDN) of the syslog server.
port (integer): The port number on which the syslog server listens for messages.
protocol (object, Enum): Select a method of communication:
- TCP: No validation is made on the connection with the syslog server. However, if an error occurs with the domain used to make the connection, the Test connection will fail.
- UDP: No error checking, error correction, or acknowledgment. No validation is done for the connection or when sending data.
- TLS: Cortex validates the syslog server certificate and uses the certificate signature and public key to encrypt the data sent over the connection.
Of the three, only TLS encrypts the forwarded logs in transit; TCP and UDP carry them in cleartext.
facility (string): Choose one of the syslog standard values. The value maps to how your syslog server uses the facility field to manage messages. For details on the facility field, see RFC 5424.
security_info (object): The security_info parameters are necessary only when protocol is TLS.
certificate_name (string): When using TLS for communication between Cortex and the syslog server, Cortex validates that the syslog receiver has a certificate. Specify the certificate name here.
ignore_cert_errors (boolean): Whether to ignore certificate errors. For security reasons, this is not recommended. If you set this to true, logs will be forwarded even if the certificate contains errors.
certificate_content (string, binary): Binary string of the certificate.
{
"request_data": {
"address": "xdr-splunk-qa.traps.company.com",
"facility": "FAC_USER",
"name": "Syslog_PAPI_Test_7H55R76T",
"port": 5006,
"protocol": "TCP",
"security_info": "None"
}
}{
"request_data": {
"address": "xdr-splunk-qa.traps.paloaltonetworks.com",
"facility": "FAC_USER",
"name": "Syslog_PAPI_Test_2QYH3VGS",
"port": 5002,
"protocol": "TLS",
"security_info": {
"ignore_cert_errors": false
}
}
}