CyberArk PAM

Configure the Vault to Forward syslog Messages to PTA

The system logger of the Vault must be configured to send logging data to the PTA machine for real-time data analysis.


When PTA is configured with Vaults deployed in a distributed environment, configure the primary and satellite Vaults.

[SYSLOG]
SyslogTranslatorFile=Syslog\PTA.xsl
SyslogServerPort=<port number>
SyslogServerIP=<server IP>
SyslogServerProtocol=UDP
SyslogMessageCodeFilter=4,17,22,24,31,38,57,60,88,130,142,145,148,149,170,183,185,295,300,301,302,303,306,307,308,344,346,359,360,361,362,372,373,374,375,376,377,378,379,380,381,411,412,414,416,418,426,434,463
UseLegacySyslogFormat=No

Specify the following information:

The following example shows how to send different syslog messages to multiple syslog servers.

[SYSLOG]
SysLogTranslatorFile=Syslog\Arcsight.sample.xsl,Syslog\QRadar.xsl,Syslog\PTA.xsl
SyslogServerPort=<port number>
SysLogServerIP=1.1.1.1,1.1.2.2,1.1.3.3
SyslogServerProtocol=UDP
UseLegacySyslogFormat=Yes,Yes,No
SyslogMessageCodeFilter=7,8,295|295-296|295,308,7,24,31,428,361,372,373,359,436,412,411,300,302,294,427

For more detailed instructions about integrating SIEM applications, see Security Information and Event Management Applications.

[SYSLOG]
SyslogTranslatorFile=Syslog\PTA.xsl
SyslogServerPort=<port number>
SyslogServerIP=<server IP>
SyslogServerProtocol=UDP
SyslogMessageCodeFilter=295,308,7,24,31,428,361,372,373,359,436,412,411,300,302,294,427,471
UseLegacySyslogFormat=No

The following example shows how to send different syslog messages to multiple syslog servers.

[SYSLOG]
SysLogTranslatorFile=Syslog\Arcsight.sample.xsl,Syslog\QRadar.xsl,Syslog\PTA.xsl
SyslogServerPort=<port number>
SysLogServerIP=1.1.1.1,1.1.2.2,1.1.3.3
SyslogServerProtocol=UDP
UseLegacySyslogFormat=Yes,Yes,No
SyslogMessageCodeFilter=7,8,295|295-296|295,308,7,24,31,428,361,372,373,359,436,412,411,300,302,294,427,471
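The multi-server examples above (this one and the earlier one) are positional: the n-th translator file, server IP, UseLegacySyslogFormat flag and "|"-separated SyslogMessageCodeFilter entry all belong to the n-th server, so one missing entry shifts every later destination. The following added example, not CyberArk's own code, parses such a [SYSLOG] section with Python's configparser, expands code ranges such as 295-296, and reports misaligned lists; the sample section is constructed from the page's example with 514 standing in for <port number>, and the PTA.xsl / UseLegacySyslogFormat=No pairing it checks is taken from the page's PTA examples, not from a documented rule.

```python
import configparser

# Constructed sample mirroring the multi-server [SYSLOG] example on this page;
# 514 is a made-up value in place of the page's <port number> placeholder.
SAMPLE = r"""[SYSLOG]
SysLogTranslatorFile=Syslog\Arcsight.sample.xsl,Syslog\QRadar.xsl,Syslog\PTA.xsl
SyslogServerPort=514
SysLogServerIP=1.1.1.1,1.1.2.2,1.1.3.3
SyslogServerProtocol=UDP
UseLegacySyslogFormat=Yes,Yes,No
SyslogMessageCodeFilter=7,8,295|295-296|295,308,7,24,31,428,361,372,373,359,436,412,411,300,302,294,427
"""

# Options whose value is one comma-separated entry per syslog server.
LIST_KEYS = ("SyslogTranslatorFile", "SyslogServerIP", "UseLegacySyslogFormat")

def expand_codes(spec: str) -> set[int]:
    """Expand one server's comma list ('7,8,295-296') into a set of message codes."""
    codes: set[int] = set()
    for item in filter(None, (s.strip() for s in spec.split(","))):
        lo, _, hi = item.partition("-")
        codes.update(range(int(lo), int(hi or lo) + 1))
    return codes

def parse_syslog_section(text: str) -> dict[str, list[str]]:
    """Split every per-server list; the code filter is '|'-separated per server.
    configparser matches option names case-insensitively, so the page's mixed
    SysLogServerIP / SyslogServerIP spellings resolve to the same option."""
    cp = configparser.ConfigParser(interpolation=None)
    cp.read_string(text)
    sec = cp["SYSLOG"]
    cfg = {k: [v.strip() for v in sec[k].split(",")] for k in LIST_KEYS}
    cfg["SyslogMessageCodeFilter"] = [f.strip() for f in sec["SyslogMessageCodeFilter"].split("|")]
    return cfg

def lint_syslog_section(text: str) -> list[str]:
    """Return the problems to fix before restarting the Vault with this section."""
    cfg = parse_syslog_section(text)
    n = len(cfg["SyslogServerIP"])
    problems = [f"{k}: {len(v)} entries for {n} servers" for k, v in cfg.items() if len(v) != n]
    if problems:
        return problems  # the positional check below assumes aligned lists
    for i, xsl in enumerate(cfg["SyslogTranslatorFile"]):
        # Every PTA example on this page pairs PTA.xsl with UseLegacySyslogFormat=No.
        if xsl.lower().endswith("pta.xsl") and cfg["UseLegacySyslogFormat"][i].lower() != "no":
            problems.append(f"server {i + 1}: expected UseLegacySyslogFormat=No for PTA.xsl")
    return problems
```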

For more detailed instructions about integrating SIEM applications, see Security Information and Event Management Applications.

Source: https://docs.cyberark.com/pam-self-hosted/11.3/en/content/pta/configuring-vault-forward-syslog-messages.htm

CyberArk PAM Integration Procedures

Please provide the following information to CyTech

Requirements: Collect logs via syslog over UDP or TCP

  * Syslog Host -> Syslog Collector IP address where the Elastic Agent is installed.
  * Syslog Port -> Port number (please identify whether TCP or UDP)

If you need further assistance, kindly contact our support at support@cytechint.com for prompt assistance and guidance. 


Revision #6
Created 16 January 2025 08:49:02 by Richmond Abella
Updated 12 February 2025 12:00:00 by Richmond Abella