External Logging Config

Install an HTTP Plugin

You will need an HTTP plugin for Logstash or Splunk to send the data to the SIEM / logging platform of your choice. You can get more information and find the downloads at the following links:

Splunk: http://dev.splunk.com/view/event-collector/SP-CAAAE6M
Logstash: https://www.elastic.co/guide/en/logstash/current/plugins-inputs-http.html
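
A minimal Logstash pipeline for the receiving side, shown as an added example that is not part of the Device42 documentation. The port, user name, environment variable, tag and `log_source` field are placeholders, and the basic-auth settings assume the sender can be configured to present those credentials.

```logstash
# Added example: Logstash pipeline that accepts webhook POSTs over HTTP.
# All names and values below are placeholders chosen for illustration.
input {
  http {
    host => "0.0.0.0"
    port => 8080                             # placeholder listener port
    # Basic auth keeps arbitrary hosts from injecting events into the pipeline.
    # Assumption: the sender can present these credentials. If it cannot,
    # remove both lines and restrict access to the port at the network layer.
    user => "device42"                       # placeholder user name
    password => "${D42_WEBHOOK_PASSWORD}"    # read from the environment or the Logstash keystore
    codec => "json"                          # parse request bodies as JSON
    tags => ["device42"]                     # mark events that arrived on this input
  }
}

filter {
  if "device42" in [tags] {
    # Record where the event came from so it can be filtered in the SIEM.
    mutate { add_field => { "log_source" => "device42-webhook" } }
  }
}

output {
  # Print events while testing; swap in your real output once events arrive.
  stdout { codec => rubydebug }
}
```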

Configure External Logging

Webhooks are the best way to get your logs from Device42 to your external logging platform. Begin by setting up a webhook endpoint:

  • Navigate to “Tools -> Webhooks -> Endpoints”. Your Splunk / Logstash instance is your endpoint.
    From this page, click the “Add Webhook Action” button in the upper right:

[Image: Add webhook endpoint for logging]

Choose Data to Send to Logstash / Splunk

Now that you’ve set up your endpoint, configure the log data that you’d like to send to Logstash and/or Splunk.

  • Navigate to “Tools -> Webhooks -> Actions”.

Select all the actions you’d like to have sent to your logging solution:

[Image: Add webhook action]

You can now select your webhook action(s). Choose the Endpoint you created above:

[Image: Choose webhook actions to forward to SIEM]

Configure Log Storage Duration

You can also navigate to “Tools -> Settings -> Log Integration” to choose how long you want to keep logs in your log solution, which helps save space.

[Image: Change Log Integration Settings]