Abstract
Learn how to set up and activate the Syslog Collector applet on a Broker VM within your network.
Notice
Ingesting logs and data from external sources requires a Cortex XDR Pro per GB license.
To receive Syslog data from an external source, you must first set up the Syslog Collector applet on a Broker VM within your network. The Syslog Collector supports a log ingestion rate of 90,000 logs per second (lps) with the recommended Broker VM setup.
To increase the log ingestion rate, you can add additional CPUs to the Broker VM. The Syslog Collector listens for logs on specific ports and from any or specific IP addresses.
Perform the following procedures in the order listed below.