Integrate SIEM Syslog

SIEM integration with Identity as a Service allows audit logs to be sent to syslog through an Enterprise Service Gateway. The Syslog SIEM application downloads audit logs from Identity as a Service into your Enterprise Service Gateway and publishes them to your on-premises SIEM syslog server. For more information on audit logs, see View and export audit logs.

Add SIEM syslog to Identity as a Service

1. In Identity as a Service, go to > Security > Applications. The Applications List page appears.

2. Click Add. The Select an Application Template page appears.

3. Under Identity as a Service Integrations, click SIEM Syslog. The Add SIEM Syslog page appears.

4. In the Application Name field, type a name for your application.

5. Optional. In the Application Description field, type a description for your application.

6. Optional. Add a custom application logo.

7. Click Next. The Add SIEM Syslog page appears.

8. In the Connection Settings, do the following:

a. Enter the Syslog Host. This is the destination server for the syslogs.

Example: localhost

b. Select the Transport protocol from the drop-down list.

c. Enter the Syslog Port. The default is 514.

d. Select the SIEM Agent from the drop-down list. This is the gateway that reroutes the logs to the syslog server.

9. In Log Settings, do the following:

a. Enter the Log Interval (in seconds) to specify how frequently the SIEM agent fetches the audits from Identity as a Service.

b. Select the Log Event Type from the drop-down list to set the type of audit logs sent to the syslog server (Authentication, Management, or All).

c. Select the Log Event Outcome from the drop-down list to set the type of audit log events sent to the syslog server (Success, Fail, All).

d. Select the Log Start Time to set how far back in history to log existing audits. Options include:

  None—Start with current logs.

  Past Day—Start with audits that are up to a day old.

  Past Week—Start with audits that are up to a week old.

Note: This setting applies only when a new SIEM syslog application starts logging for the first time. After that, it logs any audits added since the last time it logged them. If you edit your SIEM syslog application at a later time, a Last Audit Logged Time field replaces this setting.

10. Click Submit.
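To confirm that audit events reach the Syslog Host once the application is submitted, a small receiver can be run on that host in place of the SIEM listener. The following is an added example, not part of the product or its documentation: it assumes the Transport protocol is UDP or TCP, the names `decode`, `split_tcp` and `serve` are illustrative, and because this page does not describe the audit message layout it decodes only the standard syslog `<PRI>` header.

```python
import re
import socket

SEVERITIES = "emerg alert crit err warning notice info debug".split()
PRI = re.compile(rb"<(\d{1,3})>")

def decode(frame: bytes) -> dict:
    """Decode the <PRI> header (facility * 8 + severity) of one syslog frame."""
    text = frame.decode("utf-8", "replace").rstrip("\r\n")
    m = PRI.match(frame)
    if not m or int(m.group(1)) > 191:      # no valid syslog header
        return {"facility": None, "severity": None, "text": text}
    pri = int(m.group(1))
    return {"facility": pri >> 3, "severity": SEVERITIES[pri & 7], "text": text[m.end():]}

def split_tcp(buf: bytes):
    """RFC 6587 framing (octet-counted or LF); returns (frames, unconsumed tail)."""
    frames = []
    while buf:
        m = re.match(rb"(\d+) ", buf)
        if m:                               # octet counting: "LEN SP MSG"
            end = m.end() + int(m.group(1))
            if len(buf) < end:
                break                       # frame not complete yet
            frame, buf = buf[m.end():end], buf[end:]
        else:                               # LF-terminated frame
            frame, sep, rest = buf.partition(b"\n")
            if not sep:
                break
            buf = rest
        if frame.strip():
            frames.append(frame)
    return frames, buf

def serve(transport="udp", host="0.0.0.0", port=514):
    # port must match the Syslog Port entered in Connection Settings
    if transport == "udp":
        sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
        sock.bind((host, port))
        while True:
            data, peer = sock.recvfrom(65535)
            print(peer[0], decode(data))
    conn, peer = socket.create_server((host, port)).accept()  # first sender only
    tail = b""
    while chunk := conn.recv(4096):
        frames, tail = split_tcp(tail + chunk)
        for frame in frames:
            print(peer[0], decode(frame))

if __name__ == "__main__":
    serve("udp")
```

Binding to port 514 normally requires elevated privileges; for a test, pass a higher port to `serve` and enter the same value as the Syslog Port. Messages should begin to appear within one Log Interval, and the source address printed should be that of the SIEM Agent gateway.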