CyberArk PAM

Configure the Vault to Forward syslog Messages to PTA

The system logger of the Vault must be configured to send logging data to the PTA machine for real-time data analysis.

 

When PTA is configured with Vaults deployed in a distributed environment, configure the primary and satellite Vaults.

[SYSLOG]
SyslogTranslatorFile=Syslog\PTA.xsl
SyslogServerPort=<port number>
SyslogServerIP=<server IP>
SyslogServerProtocol=UDP
SyslogMessageCodeFilter=295,308,7,24,31,428,361,372,373,359,436,412,411,300,302,294,427
UseLegacySyslogFormat=No

Specify the following information:

The following example shows how to send different syslog messages to multiple syslog servers.

[SYSLOG]
SysLogTranslatorFile=Syslog\Arcsight.sample.xsl,Syslog\QRadar.xsl,Syslog\PTA.xsl
SyslogServerPort=<port number>
SysLogServerIP=1.1.1.1,1.1.2.2,1.1.3.3
SyslogServerProtocol=UDP
UseLegacySyslogFormat=Yes,Yes,No
SyslogMessageCodeFilter=7,8,295|295-296|295,308,7,24,31,428,361,372,373,359,436,412,411,300,302,294,427

For more detailed instructions about integrating SIEM applications, see Security Information and Event Management Applications.

[SYSLOG]
SyslogTranslatorFile=Syslog\PTA.xsl
SyslogServerPort=<port number>
SyslogServerIP=<server IP>
SyslogServerProtocol=UDP
SyslogMessageCodeFilter=295,308,7,24,31,428,361,372,373,359,436,412,411,300,302,294,427,471
UseLegacySyslogFormat=No

The following example shows how to send different syslog messages to multiple syslog servers.

[SYSLOG]
SysLogTranslatorFile=Syslog\Arcsight.sample.xsl,Syslog\QRadar.xsl,Syslog\PTA.xsl
SyslogServerPort=<port number>
SysLogServerIP=1.1.1.1,1.1.2.2,1.1.3.3
SyslogServerProtocol=UDP
UseLegacySyslogFormat=Yes,Yes,No
SyslogMessageCodeFilter=7,8,295|295-296|295,308,7,24,31,428,361,372,373,359,436,412,411,300,302,294,427,471

For more detailed instructions about integrating SIEM applications, see Security Information and Event Management Applications.

Source: https://docs.cyberark.com/pam-self-hosted/11.3/en/content/pta/configuring-vault-forward-syslog-messages.htm

CyberArk PAM Integration Procedures  

Please provide the following information to CyTech 

Requirements:Collect logs via syslog over UDP or TCP


  *Syslog Host-> Syslog Collector IP address where the Elastic-Agent is installed.
  *Syslog Port-> Port Number (Please identify if TCP or UDP)

If you need further assistance, kindly contact our support at support@cytechint.com for prompt assistance and guidance. 


Revision #3
Created 16 January 2025 08:49:02 by Richmond Abella
Updated 17 January 2025 09:46:49 by Richmond Abella