Hello Muhammad Fadzil AB Razak,
Here, on the syslog-ng side, we send Imperva logs (to port 10514, but it works with any unused UDP port) to our syslog-ng server (used in conjunction with Splunk) with the following entries in /etc/syslog-ng/syslog-ng.conf:
# UDP listener for the DAM gateways (any unused UDP port works)
source s_udp_impervaDAM_10514 {
    udp(ip("0.0.0.0") port(10514));
};
# one file per sending host
destination d_impervaDAM {
    file("/path/to/syslog-ng/logs/${HOST}/${HOST}.log");
};
log { source(s_udp_impervaDAM_10514); destination(d_impervaDAM); };
With these settings, and configuring DAM with the docs provided by Syed and Agustin, you will succeed in sending logs to your syslog/SIEM server.
PS: Don't forget to set up some log rotation configuration, to avoid filling up the disk space on your syslog-ng server.
I hope it helps.
Regards,
------------------------------
Uiliam de Mello
Information Security Analyst
Brazil
------------------------------
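As an added illustration (not part of Uiliam's reply or of Imperva's or syslog-ng's own code), a small Python stand-in for the source/destination pair above: it derives HOST from the sending peer, as syslog-ng does by default with keep_hostname(no), and shows why the hostname has to be validated before it becomes a path component if keep_hostname(yes) is ever enabled. The port, the hostnames and the sample event are constructed.

```python
import os
import re
import socket
import tempfile
# RFC 3164 header: <PRI>Mmm dd hh:mm:ss HOSTNAME MESSAGE; the hostname is attacker-controllable
_RFC3164 = re.compile(r"^<(\d{1,3})>([A-Z][a-z]{2} [ \d]\d \d\d:\d\d:\d\d) (\S+) (.*)$", re.S)
_HOST_OK = re.compile(r"[A-Za-z0-9][A-Za-z0-9._-]{0,253}")  # one safe path component

def parse_rfc3164(line):
    """Split one syslog line into pri, timestamp, host and message (ValueError if malformed)."""
    m = _RFC3164.match(line)
    if not m:
        raise ValueError("not an RFC 3164 line: %r" % line[:40])
    return {"pri": int(m.group(1)), "ts": m.group(2), "host": m.group(3), "msg": m.group(4)}

def safe_host(name):
    """Reject anything that could escape the per-host directory ('/', leading '.', '..')."""
    if not _HOST_OK.fullmatch(name):
        raise ValueError("rejected HOST value: %r" % name)
    return name

def write_message(base_dir, line, peer_ip, keep_hostname=False):
    """Append line to base_dir/HOST/HOST.log and return the path. keep_hostname=False
    (syslog-ng's default) takes HOST from the sender address; True trusts the header."""
    host = safe_host(parse_rfc3164(line)["host"] if keep_hostname else peer_ip)
    path = os.path.join(base_dir, host, host + ".log")
    os.makedirs(os.path.dirname(path), exist_ok=True)
    with open(path, "a", encoding="utf-8") as f:
        f.write(line.rstrip("\n") + "\n")
    return path

def serve(base_dir, port=10514):
    """Blocking UDP collector equivalent to the source/destination pair in the reply."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        sock.bind(("0.0.0.0", port))
        while True:
            data, (peer_ip, _) = sock.recvfrom(65535)
            write_message(base_dir, data.decode("utf-8", "replace"), peer_ip)

def demo(base_dir=None):
    """Constructed sample event exercising both HOST policies and a rejected header name."""
    base_dir = base_dir or tempfile.mkdtemp(prefix="impervadam-")
    line = "<14>Aug 27 01:32:00 dam-gw1 Imperva: constructed test event\n"
    try:
        write_message(base_dir, "<14>Aug 27 01:32:00 ../etc evil", "192.0.2.10", keep_hostname=True)
        rejected = False
    except ValueError:
        rejected = True
    return {"by_peer": write_message(base_dir, line, "192.0.2.10"),
            "by_header": write_message(base_dir, line, "192.0.2.10", keep_hostname=True),
            "traversal_rejected": rejected}
```

Run `serve("/path/to/logs")` to receive real datagrams, or `demo()` to see the per-host paths produced for the constructed event.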
Original Message:
Sent: 08-27-2024 01:32
From: Muhammad Fadzil AB Razak
Subject: Configuring syslog-ng for DAM MX and Gateway
Hi Everyone,
I have been going through some documentation on how to configure syslog-ng for MX and Gateway. As I am relatively new to Imperva products, I would appreciate it if someone could point me to the correct guide. I have come across 2 documents while reading up; can someone in the community kindly validate that I am looking at the correct documentation for setting up syslog-ng for DAM MX and Gateway? Thank you, and much appreciated.
#DatabaseActivityMonitoring
------------------------------
Muhammad Fadzil AB Razak
Associate Engineer
Ensign InfoSecurity (Systems) Pte Ltd.
Singapore
------------------------------