# CyberArk PAM ##### Configure the Vault to Forward syslog Messages to PTA The system logger of the Vault must be configured to send logging data to the PTA machine for real-time data analysis.
When PTA is configured with Vaults deployed in a distributed environment, configure the primary and satellite Vaults.
[To Configure syslog on the Vault Machine (until Vault v10.4):](https://docs.cyberark.com/pam-self-hosted/11.3/en/content/pta/configuring-vault-forward-syslog-messages.htm)
1.From the installation package, copy PTA.xsl to the Syslog subdirectory of the Vault installation folder. By default, the subdirectory is: C:\\Program Files (x86)\\PrivateArk\\Server\\Syslog.
2.In the same server installation folder,by default C:\\Program Files (x86)\\PrivateArk\\Server, open dbparm.ini and add the following lines:
\[SYSLOG\] SyslogTranslatorFile=Syslog\\PTA.xsl SyslogServerPort=<port number> SyslogServerIP=<server IP> SyslogServerProtocol=UDP SyslogMessageCodeFilter=295,308,7,24,31,428,361,372,373,359,436,412,411,300,302,294,427 UseLegacySyslogFormat=No Specify the following information: The following example shows how to send different syslog messages to multiple syslog servers. \[SYSLOG\] SysLogTranslatorFile=Syslog\\Arcsight.sample.xsl,Syslog\\QRadar.xsl,Syslog\\PTA.xsl SyslogServerPort=<port number> SysLogServerIP=1.1.1.1,1.1.2.2,1.1.3.3 SyslogServerProtocol=UDP UseLegacySyslogFormat=Yes,Yes,No SyslogMessageCodeFilter=7,8,295|295-296|295,308,7,24,31,428,361,372,373,359,436,412,411,300,302,294,427 For more detailed instructions about integrating SIEM applications, see [Security Information and Event Management Applications](https://docs.cyberark.com/pam-self-hosted/11.3/en/content/PASIMP/Integrating-with-SIEM-Applications.htm).
[To Configure syslog on the Vault Machine (from Vault v10.5):](https://docs.cyberark.com/pam-self-hosted/11.3/en/content/pta/configuring-vault-forward-syslog-messages.htm)
1.The PTA syslog parameters are available in the **dbparm.sample.ini** file. Copy the parameters to the **dbparm.ini** configuration file.
\[SYSLOG\] SyslogTranslatorFile=Syslog\\PTA.xsl SyslogServerPort=<port number> SyslogServerIP=<server IP> SyslogServerProtocol=UDP SyslogMessageCodeFilter=295,308,7,24,31,428,361,372,373,359,436,412,411,300,302,294,427,471 UseLegacySyslogFormat=No The following example shows how to send different syslog messages to multiple syslog servers. \[SYSLOG\] SysLogTranslatorFile=Syslog\\Arcsight.sample.xsl,Syslog\\QRadar.xsl,Syslog\\PTA.xsl SyslogServerPort=<port number> SysLogServerIP=1.1.1.1,1.1.2.2,1.1.3.3 SyslogServerProtocol=UDP UseLegacySyslogFormat=Yes,Yes,No SyslogMessageCodeFilter=7,8,295|295-296|295,308,7,24,31,428,361,372,373,359,436,412,411,300,302,294,427,471 For more detailed instructions about integrating SIEM applications, see [Security Information and Event Management Applications](https://docs.cyberark.com/pam-self-hosted/11.3/en/content/PASIMP/Integrating-with-SIEM-Applications.htm). Source: *[https://docs.cyberark.com/pam-self-hosted/11.3/en/content/pta/configuring-vault-forward-syslog-messages.htm](https://docs.cyberark.com/pam-self-hosted/11.3/en/content/pta/configuring-vault-forward-syslog-messages.htm)* #### **CyberArk PAM Integration Procedures ** ##### Please provide the following information to CyTech: Requirements:Collect logs via syslog over UDP or TCP \*Syslog Host-> Syslog Collector IP address where the Elastic-Agent is installed. \*Syslog Port-> Port Number (Please identify if TCP or UDP) If you need further assistance, kindly contact our support at **support@cytechint.com** for prompt assistance and guidance.