Integrate using syslog protocol

Learn how to send alerts notification and audit events by using the Syslog protocol.

Syslog is an event logging protocol that applications use to send messages to a central location, such as a SIEM or a syslog collector, for data retention and security investigations. With the StackRox Kubernetes Security Platform, you can send alerts and audit events using the syslog protocol.

  • Forwarding events by using the syslog protocol requires the StackRox Kubernetes Security Platform version 3.0.52 or newer. If you are on an older version, see the Upgrade StackRox topic for upgrade instructions.
  • When you use the syslog integration, the StackRox Kubernetes Security Platform forwards both violation alerts that you configure and all audit events.
  • Currently, the StackRox Kubernetes Security Platform only supports CEF (Common Event Format).

To forward alerts from the StackRox Kubernetes Security Platform by using the syslog protocol:

  1. Set up a syslog events receiver to receive alerts.
  2. Use the receiver’s address and port number to set up notifications in the StackRox Kubernetes Security Platform. See Configure the StackRox Kubernetes Security Platform.

After the configuration, the StackRox Kubernetes Security Platform automatically sends all violations and audit events to the configured syslog receiver.

Configure the StackRox Kubernetes Security Platform

Create a new integration in the StackRox Kubernetes Security Platform.

  1. Navigate to Platform Configuration > Integrations.
  2. Under the Plugins section, select Syslog.
  3. Select the New Integration icon.
  4. Enter a name for Integration Name.
  5. Select the Logging Facility value. This may be local0 through local7.
  6. Enter your Receiver Host address and Receiver Port number.
  7. If you’re using TLS, turn on the Use TLS toggle.
  8. If your syslog receiver uses a certificate that’s not trusted, turn on the Disable TLS Certificate Validation (Insecure) toggle. (You can configure Custom trusted Certificate Authorities during installation, contact StackRox Support for more details.) Otherwise, leave this toggle off.
  9. Verify that the Integration Active toggle is on.

Questions?

We're happy to help! Reach out to us to discuss questions, issues, or feature requests.

© 2021 StackRox Inc. All rights reserved.