Universal Policy Administrator Documentation
Configuring the Universal Policy Administrator Syslog Provider
You can configure Universal Policy Administrator to forward events and syslog messages to one or more SIEM solutions.
To configure the OpenText Universal Policy Administrator Syslog Provider:
- Open the C:\Program Files\FullArmor\AD Bridge\Gateway\WebApp\Web.Config file.
- Modify the highlighted text in the following code snippet according to your environment:
| <syslogSettings CEFVendor=”FullArmor” CEFProduct=”AD Bridge” CEFVersion=”2.0″> <Forwarders> <add host=”localhost” port=”514″ senderType=”UDP” rfcType=”Rfc5242″ filterType=”None” /> </Forwarders> </syslogSettings> |
The available options for each of these attributes are:
- senderType: The default value is UDP.
- TCP
- UDP
- rfcType: The default value is Rfc5242.
- Rfc5242
- Rfc3164
- filterType: The default value is None.
- SyslogOnly
- AuditOnly
- None
- Set CEFVendor , CEFProduct , and CEFVersion to values of your choice.
See the screenshot below showing UPA’s log events in Splunk Enterprise.
Note: You can specify multiple forwarders in the same Web.Config file.
