App Control supports integration of its event information with Syslog servers using several formats.
You configure Syslog integration on the Events tab of the System Configuration page, described in the “System Configuration” chapter of the App Control User Guide or in online Help in the App Control Console. Upgrades from previous releases retain the format setting they had.
The supported formats are:
- Basic (RFC3164) – the default for upgrades from some previous releases
- Enhanced (RFC5424) – a newer standard; the default for new installations
- CEF (HP ArcSight) – the format to use to integrate App Control event logs with HP ArcSight ESM or HP ArcSight Logger
- LEEF (IBM Q1 Labs) – the format to use to integrate App Control event logs with IBM Security QRadar Log Manager or IBM Security QRadar SIEM
Note: Manually enabled, custom Syslog formatting will be overwritten on upgrade to this version of App Control. See “Setting Up External Event Logging” in the App Control User Guide for instructions on configuring the App Control Server for CEF syslog formatting.
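Because an upgrade can keep an old format setting or overwrite custom formatting, it is worth confirming on the receiving side which of the four formats is actually arriving. The following is an added example, not App Control code: the function names, hostnames, vendor/product strings and event fields in the sample lines are constructed placeholders and do not reflect App Control's real event content.

```python
import re

PRI = r"^<(\d{1,3})>"
# RFC 5424: PRI is followed directly by VERSION "1", a space, then an ISO 8601 timestamp or "-".
RFC5424 = re.compile(PRI + r"1 (?:-|\d{4}-\d{2}-\d{2}T\S+) ")
# RFC 3164: PRI is followed directly by "Mmm dd hh:mm:ss" (day of month is space-padded).
RFC3164 = re.compile(PRI + r"[A-Z][a-z]{2} [ \d]\d \d{2}:\d{2}:\d{2} ")
# CEF and LEEF payloads normally ride behind a syslog header, so they are searched for, not anchored.
CEF = re.compile(r"CEF:\d+\|")
LEEF = re.compile(r"LEEF:(?:1\.0|2\.0)\|")

SAMPLES = [  # constructed lines; every host, product and field value is a placeholder
    "<14>Jan  5 10:15:02 appctl-srv example: text=New file on network",
    "<14>1 2024-01-05T10:15:02Z appctl-srv example - - - text=New file on network",
    "<14>Jan  5 10:15:02 appctl-srv CEF:0|ExampleVendor|ExampleProduct|1.0|100|New file|4|dst=host1",
    "<14>Jan  5 10:15:02 appctl-srv LEEF:1.0|ExampleVendor|ExampleProduct|1.0|100|src=host1",
]

def header_fields(payload, count):
    """Return the first `count` pipe-delimited header fields (escaped \\| is not a delimiter)."""
    parts = re.split(r"(?<!\\)\|", payload, maxsplit=count)
    return parts[:count] if len(parts) >= count else None

def classify(line):
    """Return (format, pri); pri is the decoded (facility, severity) pair or None."""
    m = re.match(PRI, line)
    pri = divmod(int(m.group(1)), 8) if m and int(m.group(1)) <= 191 else None
    leef = LEEF.search(line)
    if leef and header_fields(line[leef.start():], 5):   # LEEF:ver|vendor|product|version|eventID
        return "LEEF", pri
    cef = CEF.search(line)
    if cef and header_fields(line[cef.start():], 7):     # CEF:ver|vendor|product|version|id|name|sev
        return "CEF", pri
    if RFC5424.match(line):
        return "RFC5424", pri
    if RFC3164.match(line):
        return "RFC3164", pri
    return "unknown", pri

if __name__ == "__main__":
    for sample in SAMPLES:
        print(classify(sample), sample[:60])
```

A line that carries a `CEF:` or `LEEF:` marker but too few header fields falls through to the plain syslog checks, which flags truncated or mis-templated output instead of counting it as valid CEF or LEEF.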