# Varonis (syslog)

In this guide, you will create a new entry in the Varonis DatAlert syslog configuration. This is required in order to send Varonis DatAlert events to Radiant Security through a relay server, which adds an extra layer of security.

### Add the data connector in Radiant Security

First, you’ll add the Varonis data connector in Radiant Security.

1. Log in to [Radiant Security](https://app.radiantsecurity.ai/).
2. From the navigation menu, click **Settings** > **Data Connectors** and click **+ Add Connector**.
3. Search for and select the **Varonis DatAlert (syslog)** option and then click **Data Feeds**.
4. Under **Select your data feeds**, select **Varonis** **DatAlert (syslog)** and click **Credentials**.
5. Under **Credential Name**, give the credential an identifiable name (e.g. `Varonis`). If you already have a credential in place, select it from the drop-down menu.
6. In the **Connector tag** field, enter a random value. This value will act as the salt to randomize the unique **Token** you’ll download in the next step.
7. Click **Add Connector** to save the changes.
8. Click **Done** to save your changes.

### Configure the Radiant Security Security Agent

Refer to the [Install the Radiant Security Agent](https://help.radiantsecurity.ai/radiant-connectors/data-connectors/install-the-radiant-security-agent) guide to set up the Radiant Security Agent.

### Configure syslog forwarding in Varonis

1. Log in to **Varonis**.
2. In **Data Advantage**, select **Tools** > **DatAlert**.
3. On the menu, click **Configuration.**
4. In **Syslog Message Forwarding**, enter the following:
   * **Syslog Server**: `<Radiant Agent Local IP Address>`
   * **Port**: `<Radiant Agent Port>`
   * **Facility Name**: `1 - user-level messages`
5. Click **OK**.
6. In the menu, click **Alert Templates**.
7. Select **Varonis LEEF Template** and click **Edit Alert Template**.

<figure><img src="https://2439665791-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FPsFulb2ZOtSPcRSc2rXE%2Fuploads%2FvWLJczRXGRCi2aDoFuO3%2FVaronis_04.webp?alt=media&#x26;token=62acf9c3-9070-47b4-a236-4663e3d312ea" alt=""><figcaption></figcaption></figure>

8. On **Apply to alert methods**, select **Syslog message**.

<div align="left"><figure><img src="https://2439665791-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FPsFulb2ZOtSPcRSc2rXE%2Fuploads%2F5qdfSA3HN05nCZ7659kJ%2FVaronis_05.webp?alt=media&#x26;token=198ac17a-5047-4c2c-bc83-8a6464c6443b" alt=""><figcaption></figcaption></figure></div>

9. Click **OK**.

### Configure multiple rules to forward syslog alerts

1. Still in Varonis, in the **DatAlert** rules table, select the desired rules, then click **Edit Rule**
2. On the left menu, select **Alerts Method**
3. Click the **Edit icon** and select the **Syslog message checkbox**.

<div align="left"><figure><img src="https://2439665791-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FPsFulb2ZOtSPcRSc2rXE%2Fuploads%2F3Y9LZ30XI1tToU6TIQeG%2FVaronis_06.webp?alt=media&#x26;token=ab3683c1-a738-4bc0-9a70-e5f727ecd24a" alt=""><figcaption></figcaption></figure></div>

4. Click **OK.**