AppGate SDP appliance logs can be transferred to an external Security Information and Event Management (SIEM) system (e.g., SolarWinds Security Event Manager, Splunk Enterprise Security) from AppGate SDP appliances using rsyslog.
Rsyslog is an open-source utility for forwarding log messages over an IP network; plain syslog forwarding is not an inherently secure transport. Log transmissions can be secured by configuring both systems to communicate using Transport Layer Security (TLS).
Configuring secure log transfer using TLS requires a remote server with rsyslog (version 8.16.0 or higher) and the GnuTLS plugin installed.
See Secure Log Transfer via rsyslog in the AppGate SDP Admin Guide for configuration details.
Once configured, AppGate SDP appliance logs will be forwarded to the remote server and stored in the /var/log/syslog file. To verify that messages are being sent, check the /var/log/syslog file on the remote rsyslog server, or run tcpdump on the remote rsyslog server with the following command:
sudo tcpdump -i <interface> port 10514
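As an added illustration of what the receiving side described above looks like (this is example configuration written for this article, not the configuration from the AppGate SDP Admin Guide or from AppGate), the following rsyslog fragment on the remote server loads the GnuTLS stream driver, enforces TLS on the listener, verifies the sending appliance's certificate by name, and listens on port 10514, the port the tcpdump check filters on. The certificate paths and the permitted peer name are placeholders that must match your own PKI and the appliance certificate.

```conf
# Added example receiver configuration for the remote rsyslog server.
# Assumes rsyslog 8.16.0 or later with the GnuTLS plugin (rsyslog-gnutls) installed.
# All file paths and the peer name below are placeholders, not values from the article.

# Select the GnuTLS network stream driver and give it the CA bundle,
# server certificate and private key used for the TLS session.
global(
  DefaultNetstreamDriver="gtls"
  DefaultNetstreamDriverCAFile="/etc/rsyslog.d/tls/ca.pem"
  DefaultNetstreamDriverCertFile="/etc/rsyslog.d/tls/server-cert.pem"
  DefaultNetstreamDriverKeyFile="/etc/rsyslog.d/tls/server-key.pem"
)

# TCP input module with TLS required (StreamDriver.Mode="1" means TLS only,
# plaintext connections are refused) and x509 name authentication, so only a
# peer presenting a certificate whose name is listed in PermittedPeer can
# deliver messages; an unauthenticated host on the network cannot inject logs.
module(
  load="imtcp"
  StreamDriver.Name="gtls"
  StreamDriver.Mode="1"
  StreamDriver.AuthMode="x509/name"
  PermittedPeer=["appgate-appliance.example.com"]
)

# Listener on the port the article's tcpdump verification command filters on.
input(type="imtcp" port="10514")
```

Place the fragment in a file under /etc/rsyslog.d/ and restart rsyslog; received messages are then written by the distribution's default rules, which on Debian and Ubuntu put them in /var/log/syslog as the article states. With StreamDriver.Mode="1" the tcpdump check above should show only TLS traffic on port 10514, and the message text should not be readable in the packet capture; if rsyslog refuses to start or logs a GnuTLS error, the certificate paths or the peer name in PermittedPeer are the first things to check.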