Syslog is an event logging protocol that applications use to send messages to a central location, such as a SIEM or a syslog collector, for data retention and security investigations. With Red Hat Advanced Cluster Security for Kubernetes, you can send alerts and audit events using the syslog protocol.
The following steps represent a high-level workflow for integrating Red Hat Advanced Cluster Security for Kubernetes with a syslog events receiver:
1. Set up a syslog events receiver to receive alerts.
2. Use the receiver's address and port number to set up notifications in Red Hat Advanced Cluster Security for Kubernetes.
3. After the configuration, Red Hat Advanced Cluster Security for Kubernetes automatically sends all violations and audit events to the configured syslog receiver.
Create a new syslog integration in Red Hat Advanced Cluster Security for Kubernetes.
1. On the RHACS portal, navigate to Platform Configuration → Integrations.
2. Scroll down to the Notifier Integrations section and select Syslog.
3. Click New Integration (add icon).
4. Enter a name for Integration Name.
5. Select the Logging Facility value, from local0 through local7.
6. Enter your Receiver Host address and Receiver Port number.
7. If you are using TLS, turn on the Use TLS toggle.
8. If your syslog receiver uses a certificate that is not trusted, turn on the Disable TLS certificate Validation (Insecure) toggle. Otherwise, leave this toggle off.
9. Select Test (checkmark icon) to send a test message to verify that the integration with your syslog receiver is working.
10. Select Create (save icon) to create the configuration.
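The following is an added example, not part of the Red Hat documentation or the RHACS code base: a minimal TCP syslog receiver of the kind step 1 of the workflow asks for, which lets you confirm that the Test message arrives with the Logging Facility (local0 through local7) you selected, and which can present a server certificate so the Use TLS toggle works without turning on the insecure option. It assumes RFC 5424 message framing delimited by newlines and a constructed sample message; check the format of the messages your receiver actually gets.

```python
import re
import socket
import ssl
from dataclasses import dataclass
from typing import Optional

# Facility codes 16..23 are local0..local7 (RFC 5424), the range offered in the RHACS form.
LOCAL_FACILITIES = {16 + i: f"local{i}" for i in range(8)}

# RFC 5424 header: <PRI>VERSION TIMESTAMP HOSTNAME APP-NAME PROCID MSGID [SD] MSG
HEADER_RE = re.compile(
    r"^<(?P<pri>\d{1,3})>(?P<version>\d) (?P<ts>\S+) (?P<host>\S+) (?P<app>\S+) "
    r"(?P<procid>\S+) (?P<msgid>\S+) (?P<rest>.*)$", re.DOTALL)


@dataclass
class SyslogEvent:
    facility: str
    severity: int
    host: str
    app: str
    msg: str


def parse_syslog(line: str) -> SyslogEvent:
    """Parse one RFC 5424 line; reject anything outside the local0..local7 facilities."""
    m = HEADER_RE.match(line.strip())
    if not m:
        raise ValueError("not an RFC 5424 message")
    facility_code, severity = divmod(int(m.group("pri")), 8)  # PRI = facility*8 + severity
    facility = LOCAL_FACILITIES.get(facility_code)
    if facility is None:
        raise ValueError(f"facility {facility_code} is outside local0-local7")
    rest = m.group("rest")
    msg = rest[2:] if rest.startswith("- ") else rest  # "-" means no structured data
    return SyslogEvent(facility, severity, m.group("host"), m.group("app"), msg)


def serve(port: int, certfile: Optional[str] = None, keyfile: Optional[str] = None) -> None:
    """Accept newline-framed syslog over TCP; wrap in TLS when a cert/key pair is given.
    Use a certificate RHACS trusts so the Disable TLS certificate Validation toggle can stay off."""
    ctx = None
    if certfile:
        ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
        ctx.load_cert_chain(certfile, keyfile)
    with socket.create_server(("", port)) as srv:
        while True:
            conn, peer = srv.accept()
            if ctx:
                conn = ctx.wrap_socket(conn, server_side=True)
            with conn, conn.makefile("r", encoding="utf-8", errors="replace") as stream:
                for line in stream:
                    try:
                        print(peer[0], parse_syslog(line))
                    except ValueError as err:
                        print(peer[0], "rejected:", err)
```

Run `serve(6514, "receiver.crt", "receiver.key")` (file names are placeholders) and point the Receiver Host and Receiver Port fields at it; a constructed test message such as `<134>1 2024-01-01T00:00:00Z central rhacs - - - test message` parses to facility local0, severity 6.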