Configure Varonis to forward syslog to Radiant Security
Overview
In this guide, you will create a new entry in the Varonis DatAlert syslog configuration. This is required in order to send Varonis DatAlert events to Radiant Security through a relay server, which adds an extra layer of security.
To do this, you’ll need to complete the following configuration steps:
- Add the data connector in Radiant Security
- Configure the Radiant Security Security Agent
- Configure syslog forwarding in Varonis
- Configure multiple rules to forward syslog alerts
Add the data connector in Radiant Security
First, you’ll add the Varonis data connector in Radiant Security.
Configure the Radiant Security Security Agent
Refer to the Install the Radiant Security Agent guide to set up the Radiant Security Agent.
Configure syslog forwarding in Varonis
-
Log in to Varonis.
-
In Data Advantage, select Tools > DatAlert.
-
On the menu, click Configuration.
-
In Syslog Message Forwarding, enter the following:
- Syslog Server:
<Radiant Agent Local IP Address>
- Port:
<Radiant Agent Port>
- Facility Name:
1 - user-level messages
- Syslog Server:
-
Click OK.
-
In the menu, click Alert Templates.
-
Select Varonis LEEF Template and click Edit Alert Template.
-
On Apply to alert methods, select Syslog message.
-
Click OK.
Configure multiple rules to forward syslog alerts
-
Still in Varonis, in the DatAlert rules table, select the desired rules, then click Edit Rule
-
On the left menu, select Alerts Method
-
Click the Edit icon and select the Syslog message checkbox.
- Click OK.
We value your opinion. Did you find this article helpful? Share your thoughts by clicking here or reach to our Product and Customer Success teams at support@radiantsecurity.ai
Last updated: 2025-05-28