Integrating Syslog CEF with Secret Server

Syslog is a standard protocol for sending log messages between systems. Common Event Format (CEF) is a standard format for security event data that includes fields such as time stamp, source IP address, event type, and severity. Together, Syslog and CEF enable consistent, interoperable logging across security tools and Security Information and Event Management (SIEM) systems.

With Syslog/CEF integration, Secret Server can send log messages to an external Syslog server or collector using UDP, TCP, or Secure TCP (TLS). Secret Server events can then be processed by SIEM systems and other security tools that support CEF. Configuration options include setting the Syslog server, port, protocol, site, time zone, and date-time format. For descriptions of the CEF data fields included in event messages, see Secret Server Reported Events.
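A collector-side parser for CEF-over-Syslog lines like those described above, added here as an example; it is not code from the original page or from Delinea. It splits a line into the seven CEF header fields and the extension key=value pairs, handling escaped pipes and equals signs. The sample line and every value in it are constructed placeholders; the fields Secret Server actually emits are listed in Secret Server Reported Events.

```python
import re

HEADER_FIELDS = ("version", "vendor", "product", "device_version",
                 "event_class_id", "name", "severity")
KEY_RE = re.compile(r"(?:^|\s)([A-Za-z0-9_.]+)=")  # unescaped key= boundary
UNESCAPE = {"n": "\n", "r": "\r"}

# Constructed sample: vendor, product, event ID and extension values are
# placeholders for illustration, not real Secret Server output.
SAMPLE = (r"<134>Jan 10 12:00:00 vault01 CEF:0|ExampleVendor|Example\|Vault|1.0|"
          r"EXAMPLE-1|Example secret viewed|2|src=10.0.0.5 suser=alice "
          r"msg=Viewed secret a\=b in folder X rt=Jan 10 2024 12:00:00")

def _split_header(body):
    """Return the 7 header fields and the raw extension (escaped pipes kept literal)."""
    parts, cur, i = [], [], 0
    while i < len(body) and len(parts) < len(HEADER_FIELDS):
        ch = body[i]
        if ch == "\\" and body[i + 1:i + 2] in ("|", "\\"):
            cur.append(body[i + 1]); i += 2   # escaped pipe or backslash
        elif ch == "|":
            parts.append("".join(cur)); cur = []; i += 1
        else:
            cur.append(ch); i += 1
    if len(parts) != len(HEADER_FIELDS):
        raise ValueError("truncated CEF header")
    return parts, body[i:]

def _parse_extension(ext):
    """Split key=value pairs; values may contain spaces and escaped '='."""
    fields, keys = {}, list(KEY_RE.finditer(ext))
    for m, nxt in zip(keys, keys[1:] + [None]):
        raw = ext[m.end():nxt.start() if nxt else len(ext)]
        fields[m.group(1)] = re.sub(
            r"\\(.)", lambda e: UNESCAPE.get(e.group(1), e.group(1)), raw).strip()
    return fields

def parse_cef(line):
    """Parse one syslog line carrying a CEF event into a dict."""
    start = line.find("CEF:")
    if start < 0:
        raise ValueError("no CEF marker in line")
    parts, ext = _split_header(line[start + 4:])
    event = dict(zip(HEADER_FIELDS, parts))
    event["syslog_prefix"] = line[:start].strip()
    event["extension"] = _parse_extension(ext)
    return event

if __name__ == "__main__":
    print(parse_cef(SAMPLE))
```

A line that raises `ValueError` here is worth alerting on at the collector, since a truncated header usually means the message was cut off in transit, for example by a UDP size limit.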

Secret Server audit data can also be sent to external SIEM systems for centralized monitoring and compliance reporting. Secret Server logs all actions, including viewing or changing a secret. Audit logs can be viewed internally by clicking the View Audit button on the Secret View page or through the User Audit report. Audit logs are visible to anyone with the List permission and show the date, username, action, and other event details such as permission changes, users whose permissions were updated, and secret dependency information.

For more information about this Delinea integration, see Secure Syslog and CEF Logging.