
Tag structure

The logs from Varonis DatAlert are labeled with the uba.varonis.audit tag.

For more information on how tags work, check the Introduction to tags article.

In-house Relay configuration

You can configure Varonis DatAlert to report its logs to Devo by specifying an endpoint, a destination port, and a Syslog facility. The logs must be sent to an In-house Relay, which tags them as uba.varonis.audit and forwards them to Devo.

To create the rule, use the following fields:

  • Source Port → 13004
  • Target Tag → uba.varonis.audit
  • Check the following box:
    • Send without tag

The new rule looks as follows:

Varonis DatAlert configuration

Configure Syslog message forwarding

  1. In DatAdvantage, select Tools → DatAlert. DatAlert is displayed.
  2. Select Configuration in the left menu.
  3. In Syslog Message Forwarding, enter the following information:
    • Syslog server IP address - The IP address of the Devo relay.
    • Port - The port on which the Devo relay will be listening according to the rule defined in the previous step.
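The relay rule and forwarding settings above can be exercised end to end before DatAlert is pointed at the relay. The following is an added example, not part of the Devo documentation or the relay software: it emulates the rule (anything arriving on source port 13004 gets the target tag uba.varonis.audit, with no tag expected from the sender) and pushes one constructed message through a loopback listener. The syslog line layout and the use of TCP are assumptions, since the page does not specify either; the listener binds an ephemeral port in place of 13004 so no privileges or real relay are needed.

```python
import socket
import threading

# Rule from the page: traffic arriving on source port 13004 gets the target tag
# uba.varonis.audit; "Send without tag" means the sender adds no Devo tag itself.
RELAY_RULES = {13004: "uba.varonis.audit"}


def apply_relay_rule(source_port: int, raw_message: str) -> tuple[str, str]:
    """Emulate the relay rule: pick the Devo tag by the port the message arrived on."""
    tag = RELAY_RULES.get(source_port)
    if tag is None:
        raise ValueError(f"no relay rule for source port {source_port}")
    return tag, raw_message


def build_syslog_line(facility: int, severity: int, stamp: str,
                      host: str, app: str, msg: str) -> str:
    """Constructed RFC 3164-style line (assumed format); PRI is facility*8 + severity."""
    return f"<{facility * 8 + severity}>{stamp} {host} {app}: {msg}\n"


def relay_roundtrip(line: str, configured_port: int = 13004) -> tuple[str, str]:
    """Send one line over loopback TCP (assumed transport) and tag it like the relay."""
    result = {}
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind(("127.0.0.1", 0))  # ephemeral port stands in for 13004
    srv.listen(1)

    def serve():
        conn, _ = srv.accept()
        with conn:
            data = b""
            while not data.endswith(b"\n"):  # one newline-terminated message
                chunk = conn.recv(4096)
                if not chunk:
                    break
                data += chunk
        # configured_port is the port the rule would match on the real relay
        result["tagged"] = apply_relay_rule(configured_port, data.decode())

    t = threading.Thread(target=serve)
    t.start()
    with socket.create_connection(srv.getsockname()) as cli:
        cli.sendall(line.encode())
    t.join(timeout=5)
    srv.close()
    return result["tagged"]
```

Sending the same constructed line to the real relay IP and port 13004 from the DatAlert host, then checking that it arrives in Devo under uba.varonis.audit, confirms the path before the alert templates are built.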

Define a new template

Templates define the format of the alert messages that DatAlert sends to Devo over Syslog.

  1. In DatAlert, click Alert Templates in the left menu.

  2. Click the green plus sign to add a new alert template:
    1. Enter a template name.
    2. Open the Apply to alert methods dropdown list and select Syslog message.
    3. Select the parameters that you want to monitor.

Configure the rules to send the alerts to Devo

To send the events triggered by the rules to Devo, each alert must be delivered as a Syslog message. To do this, in DatAlert, go to the rules table and:

  1. Select the rule or rules and then click Edit Rule.
  2. Click Alert Method.
  3. Check the option Syslog message.
