Configuration

Configure Logs and Connect Delinea Secret Server to the Syslog Agent

Configure Delinea Secret Server to forward Syslog messages in CEF format to your Microsoft workspace via the Syslog agent. If you don’t have a log forwarding server, click here for instructions on how to get one up and running.

  1. In the Microsoft Sentinel portal:

    1. Select Data connectors.

    2. For a manual import, select Import.

    3. Click here to download the Delinea Secret Server Connector zip.

    4. Select Delinea Secret Server.

    5. Open the Connector page.

Configure Sending Syslog Data to the Log Forwarding Server

The following instructions explain how to configure Secret Server to send Syslog data to the log forwarding server.

  1. Go to Administration > Actions > Configuration.

  2. Select the General tab.

  3. Select Edit at the bottom of the page.

  4. Go to the Application Settings section.

  5. Select the Enable Syslog/CEF Logging check box. The Syslog/CEF section displays.

    1. Enter the IP address or name for the IIS server hosting the Syslog/CEF server in the Syslog/CEF Server field.

    2. Enter the port number where the logging information will be passed (6514 is the default port for secure TCP syslog) in the Syslog/CEF Port field.

    3. Click the Syslog/CEF Protocol dropdown list and select Secure TCP.

    4. Set the Syslog/CEF Time Zone list box to UTC Time or Server Time, depending on your preference.

  6. Select Save.

  7. To validate your connection and verify data ingestion, click here. It may take up to 20 minutes before your logs appear in Log Analytics.
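
While waiting for data to appear, you can check on the log forwarding server that a captured line is well-formed CEF. The parser below is an added example, not part of the original instructions or of any Delinea or Microsoft tooling. The sample line and its vendor, product and field values are constructed placeholders, not actual Secret Server output.

```python
import re

HEADER_FIELDS = ("version", "device_vendor", "device_product", "device_version",
                 "event_class_id", "name", "severity")
_EXT_KEY = re.compile(r"(?:^|\s)(\w+)=")  # key=, where "=" is not backslash-escaped

# Constructed sample line; vendor, product and field values are placeholders.
SAMPLE = (r"<134>Jan 10 12:00:00 ss01 CEF:0|ExampleVendor|ExampleProduct|1.0|100|"
          r"Secret \| viewed|2|suser=alice msg=Viewed secret id\=42 src=10.0.0.5")

def _split_header(body, n):
    """Split off n pipe-delimited fields; a backslash escapes the next character."""
    parts, cur, i = [], [], 0
    while i < len(body) and len(parts) < n:
        ch = body[i]
        if ch == "\\" and i + 1 < len(body):
            cur.append(body[i + 1])
            i += 2
            continue
        if ch == "|":
            parts.append("".join(cur))
            cur = []
        else:
            cur.append(ch)
        i += 1
    if len(parts) == n - 1:  # header with no trailing pipe and no extensions
        parts.append("".join(cur))
    return parts, body[i:]

def parse_extensions(ext):
    """Parse 'k=v k2=v with spaces' pairs; a value runs until the next key."""
    matches = list(_EXT_KEY.finditer(ext))
    out = {}
    for m, nxt in zip(matches, matches[1:] + [None]):
        raw = ext[m.end():nxt.start() if nxt else len(ext)].strip()
        out[m.group(1)] = re.sub(r"\\([=\\])", r"\1", raw)
    return out

def parse_cef(line):
    """Return header fields plus an 'extensions' dict, or raise ValueError."""
    start = line.find("CEF:")
    if start < 0:
        raise ValueError("no CEF: marker in syslog line")
    parts, rest = _split_header(line[start + 4:], len(HEADER_FIELDS))
    if len(parts) != len(HEADER_FIELDS):
        raise ValueError(f"expected 7 CEF header fields, got {len(parts)}")
    event = dict(zip(HEADER_FIELDS, parts))
    event["extensions"] = parse_extensions(rest)
    return event

if __name__ == "__main__":
    print(parse_cef(SAMPLE))
```

A line that raises ValueError here is plain syslog or truncated CEF, which points to the Syslog/CEF settings above rather than to the workspace.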