# Varonis (syslog)

In this guide, you will create a new entry in the Varonis DatAlert syslog configuration. This is required in order to send Varonis DatAlert events to Radiant Security through a relay server, which adds an extra layer of security.

### Add the data connector in Radiant Security

First, you’ll add the Varonis data connector in Radiant Security.

1. Log in to [Radiant Security](https://app.radiantsecurity.ai/).
2. From the navigation menu, click **Settings** > **Data Connectors** and click **+ Add Connector**.
3. Search for and select the **Varonis DatAlert (syslog)** option and then click **Data Feeds**.
4. Under **Select your data feeds**, select **Varonis** **DatAlert (syslog)** and click **Credentials**.
5. Under **Credential Name**, give the credential an identifiable name (e.g. `Varonis`). If you already have a credential in place, select it from the drop-down menu.
6. In the **Connector tag** field, enter a random value. This value will act as the salt to randomize the unique **Token** you’ll download in the next step.
7. Click **Add Connector** to save the changes.
8. Click **Done** to save your changes.

### Configure the Radiant Security Security Agent

Refer to the [Install the Radiant Security Agent](https://help.radiantsecurity.ai/radiant-connectors/data-connectors/install-the-radiant-security-agent) guide to set up the Radiant Security Agent.

### Configure syslog forwarding in Varonis

1. Log in to **Varonis**.
2. In **Data Advantage**, select **Tools** > **DatAlert**.
3. On the menu, click **Configuration.**
4. In **Syslog Message Forwarding**, enter the following:
   * **Syslog Server**: `<Radiant Agent Local IP Address>`
   * **Port**: `<Radiant Agent Port>`
   * **Facility Name**: `1 - user-level messages`
5. Click **OK**.
6. In the menu, click **Alert Templates**.
7. Select **Varonis LEEF Template** and click **Edit Alert Template**.

<figure><img src="https://2439665791-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FPsFulb2ZOtSPcRSc2rXE%2Fuploads%2FvWLJczRXGRCi2aDoFuO3%2FVaronis_04.webp?alt=media&#x26;token=62acf9c3-9070-47b4-a236-4663e3d312ea" alt=""><figcaption></figcaption></figure>

8. On **Apply to alert methods**, select **Syslog message**.

<div align="left"><figure><img src="https://2439665791-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FPsFulb2ZOtSPcRSc2rXE%2Fuploads%2F5qdfSA3HN05nCZ7659kJ%2FVaronis_05.webp?alt=media&#x26;token=198ac17a-5047-4c2c-bc83-8a6464c6443b" alt=""><figcaption></figcaption></figure></div>

9. Click **OK**.

### Configure multiple rules to forward syslog alerts

1. Still in Varonis, in the **DatAlert** rules table, select the desired rules, then click **Edit Rule**
2. On the left menu, select **Alerts Method**
3. Click the **Edit icon** and select the **Syslog message checkbox**.

<div align="left"><figure><img src="https://2439665791-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FPsFulb2ZOtSPcRSc2rXE%2Fuploads%2F3Y9LZ30XI1tToU6TIQeG%2FVaronis_06.webp?alt=media&#x26;token=ab3683c1-a738-4bc0-9a70-e5f727ecd24a" alt=""><figcaption></figcaption></figure></div>

4. Click **OK.**


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://help.radiantsecurity.ai/radiant-connectors/data-connectors/varonis-syslog.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.