Configure log and notification forwarding

Cortex XSOAR On-prem Documentation

Product: Cortex XSOAR
Version: 8.13
Creation date: 2026-02-12
Last date published: 2026-05-27
Category: Administrator Guide
Solution: On-prem
Abstract

Send Management Audit logs, Integration logs, or Guard Rails to a syslog server.

You can send management audit logs, integration logs or guard rails log notifications to a syslog server.

Prerequisite

To forward logs and notifications to a syslog server, you must first add the syslog server. To add a syslog server, go to Settings & Info → Settings → Integrations → Syslog Servers → New Server and enter the required configuration parameters.

  1. Navigate to Settings & Info → Settings → System → Notifications → Add Forwarding Configuration.

  2. Enter a name and a description for the configuration.

  3. From the Log Type list, select one of the following options:

    • Management Audit Logs

    • Integration Logs

    • Guard Rails

  4. Click Next.

  5. Define the scope.

    To select a subset of the selected logs, click the filter button, select the relevant filters, and perform a search. For example, if you want to forward only notifications related to API keys, click the filter button, select Type, and then select the API Key value.

  6. Click Next.

  7. Select the syslog server.

  8. Click Save.