Environment
- Cb Defense Web Console: All Versions
- Cb Defense Syslog Connector: All Versions
Objective
How to configure a single Cb Defense Syslog Connector to pull data from multiple Organizations.
Resolution
This configuration can be done by modifying the Config File located at /etc/cb/integrations/cb-defense-syslog/cb-defense-syslog.conf.
The Example Config File shows how to configure multiple orgs:
# # For more than one Cb Defense Server, add another server using the following template including the stanza # #[cbdefenseserver2] #connector_id = F8KF111111 #api_key = WT9T3QDP4UGCK2NS96111111 #server_url = https://server2.yourcompany.com
|
As an example for a three Org configuration, with the first server configured at the top of the configuration file, the bottom of the file would look like:
# # For more than one Cb Defense Server, add another server using the following template including the stanza # [cbdefenseserver2] connector_id = F8KF111111 api_key = WT9T3QDP4UGCK2NS96111111 server_url = https://server2.yourcompany.com [cbdefenseserver3] connector_id = B7NH111111 api_key = NMVCDP4UGCK2NS96111111 server_url = https://server3.yourcompany.com |
Additional Notes
Related Content
Cb Defense: How to configure cb-defense-syslog.conf for SIEM Connectors
Cb Defense: What does a Sample Syslog Output look like?
Cb Defense: Can Authorized IP field be left blank when setting up a new connector?
Cb Defense: What type of IP Addresses can be used for SIEM Connectors?