Forcepoint NGFW (syslog)

Configure Forcepoint NGFW Security Management Center (SMC) for syslog forwarding to Radiant Security.

Forcepoint Next-Generation Firewall (NGFW) Security Management Center (SMC) is an administration console that unifies the control over all Forcepoint NGFWs deployed. This configuration integrates Forcepoint NGFW with Radiant Security in order to allow Radiant Security to collect and analyze data for alerts and events.

Log entries are traffic-based events that are logged according to policy rules. An audit log entry is a special type of log entry that is not traffic-based, but instead provides a record of SMC administrative actions and some internal events like element updates and scheduled task executions.

This configuration consists of the following steps:

Prerequisites

  • Access to Forcepoint SMC as admin
  • At least one running SMC Log Server

Add the data connector in Radiant Security

1.   Log in to Radiant Security.
2.   From the navigation menu, click Settings > Data Connectors and click + Add Connector.
3.   Search for and select the Forcepoint NGFW (syslog) option from the list and then click Data Feeds.
4.   Under Select your data feeds, select Forcepoint NGFW and click Credentials.
5.   Under Credential Name, give the credential an identifiable name (e.g. Forcepoint NGFW Credentials).
6.   Under Required Credentials, in the Connector tag field enter a value. This value will act as the salt to randomize the unique Token you’ll download in the next step.
7.   Click Add Connector.
8.   Copy and save the connector Token value using the clipboard option or download the Token file. You will need this token to complete the configuration.
9.   Click Done to save your changes.

Configure a local Radiant Security Syslog Collector

Refer to the Deploy a Radiant Security Syslog Collector guide to set up a local Radiant Syslog Collector.

Configure log forwarding in Forcepoint SMC

  1. Sign in to your Forcepoint SMC.
  2. Click Home.
  3. Click Others > Log Server.
  4. Right-click the log server that you want to forward logs from, and then select Properties.

Note: One Log Server element is automatically created during SMC installation. Repeat the following steps for all Log Servers.

  1. Click the Log Forwarding tab.

  2. Click Add and enter the following:

    • Service: UDP
    • Port: 6514
    • Format: select JSON
    • Data Type: select All Log Data
  3. Double-click the Target Host cell to open the Select Host dialog box.

    1. Click the Settings icon > New > Host.
    2. Enter Radiant-Security-Syslog as the name.
    3. Select the IP field and enter <IP address of Radiant's local syslog collector>
  4. Click OK.

  5. Select the new host and click Select.

  6. In the Log Server TLS Certificate box, select No client Authentication.

  7. Click OK.
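One way to confirm that the Log Server is really emitting JSON over UDP on the configured port is to run a small receiver on the host the Target Host element points to and watch datagrams arrive; the Python script below is an added example, not part of this article or of Radiant's collector. It assumes port 6514 from the steps above; the sample datagram and its field names are constructed for illustration and do not reflect Forcepoint's actual JSON schema.

```python
"""UDP receiver for checking that SMC log forwarding delivers JSON (added example)."""
import json
import socket
from typing import Optional

LISTEN_PORT = 6514  # the Port value entered on the Log Forwarding tab

# Constructed sample datagram; the field names are illustrative, not Forcepoint's schema.
SAMPLE_DATAGRAM = b'<134>{"event": "Connection_Allowed", "src": "10.0.0.5", "dst": "192.0.2.10"}'


def parse_syslog_json(datagram: bytes) -> dict:
    """Split one syslog datagram into its PRI value and decoded JSON body.
    Returns {"facility", "severity", "event"} on success, or {"error", "raw"}
    when no JSON object follows the header (e.g. if Format was not set to JSON).
    """
    text = datagram.decode("utf-8", errors="replace").rstrip("\r\n")
    facility = severity = None
    if text.startswith("<"):
        end = text.find(">")
        if 0 < end <= 4 and text[1:end].isdigit():  # PRI is 1-3 digits
            facility, severity = divmod(int(text[1:end]), 8)
            text = text[end + 1:]
    start = text.find("{")  # skip any timestamp/hostname between PRI and the JSON body
    if start < 0:
        return {"error": "no JSON object in payload", "raw": text}
    try:
        event = json.loads(text[start:])
    except json.JSONDecodeError as exc:
        return {"error": f"invalid JSON: {exc.msg}", "raw": text}
    return {"facility": facility, "severity": severity, "event": event}


def listen(port: int = LISTEN_PORT, max_datagrams: Optional[int] = None) -> int:
    """Bind the UDP port, print each parsed datagram, and return how many arrived."""
    sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    sock.bind(("0.0.0.0", port))
    seen = 0
    try:
        while max_datagrams is None or seen < max_datagrams:
            data, (src, _) = sock.recvfrom(65535)
            seen += 1
            print(f"{src}: {parse_syslog_json(data)}")
    finally:
        sock.close()
    return seen


if __name__ == "__main__":
    listen()  # Ctrl-C to stop; port 6514 is above 1024, so no extra privileges are needed
```

Run it before the collector itself is started on that host, since only one process can bind the UDP port at a time.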

For questions or feedback about this article, contact the Radiant Security Product and Customer Success teams at support@radiantsecurity.ai

Last updated: 2024-08-23