Just Published! Threat Report: Exposing Malware in Linux-Based Multi-Cloud Environments | Download Now

Cb Defense: How to configure the Syslog Connector to pull data from Multiple Orgs

Cb Defense: How to configure the Syslog Connector to pull data from Multiple Orgs

Environment

  • Cb Defense Web Console: All Versions
  • Cb Defense Syslog Connector: All Versions

Objective

How to configure a single Cb Defense Syslog Connector to pull data from multiple Organizations.

Resolution

This configuration can be done by modifying the Config File located at /etc/cb/integrations/cb-defense-syslog/cb-defense-syslog.conf.

The Example Config File shows how to configure multiple orgs:

#
# For more than one Cb Defense Server, add another server using the following template including the stanza
#
#[cbdefenseserver2]
#connector_id = F8KF111111
#api_key = WT9T3QDP4UGCK2NS96111111
#server_url = https://server2.yourcompany.com

As an example for a three Org configuration, with the first server configured at the top of the configuration file, the bottom of the file would look like:

#

# For more than one Cb Defense Server, add another server using the following template including the stanza

#

[cbdefenseserver2]

connector_id = F8KF111111

api_key = WT9T3QDP4UGCK2NS96111111

server_url = https://server2.yourcompany.com

[cbdefenseserver3]

connector_id = B7NH111111

api_key = NMVCDP4UGCK2NS96111111

server_url = https://server3.yourcompany.com

Additional Notes

Related Content

Cb Defense: How to configure cb-defense-syslog.conf for SIEM Connectors

Cb Defense: What does a Sample Syslog Output look like?

Cb Defense: Can Authorized IP field be left blank when setting up a new connector?

Cb Defense: What type of IP Addresses can be used for SIEM Connectors?

Labels (1)
Tags (2)
Was this article helpful? Yes No
0% helpful (0/1)
Article Information
Author:
Creation Date:
‎06-22-2018
Views:
1841
Contributors