Remote Logging

Enrich and compliment data collected by other SIEM systems with Cygna auditing records. Cygna Auditor enables you to configure integration with Splunk and any Syslog-compatible solution and feed collected data to your audit threads in native format.

Configuring Remote Logging

To set up remote logging, navigate to Configuration / System / Remote Logging.

For Syslog:

Specify the Syslog type, the remote server, as well as the port and protocol for connection.

For Splunk:

Specify the Splunk type, the Splunk URL, and access token. The data can be provided in JSON or rich text format.

Enabling Remote Logging for Reports

After you specified remote servers to feed data to, go to Reports and enable remote logging for each report you want to collect data for.

To do it, go to Reports, specify a report from the list, and then proceed to the Manage alert settings tab. Pick Remote logging and make sure to enable it. In this Cygna Auditor will be sending notifications to remote systems within two minutes after processing an event.