Configuring Generic Log Capture
Generic log capture lets Stellar Cyber collect raw logs from a device for which no parser exists yet. Stellar Cyber can use a sample of those logs to build a custom log parser for the device. Logs collected this way are stored unparsed; Stellar Cyber cannot generate alerts from them.
To capture the logs and send them to Stellar Cyber:
- Configure your device to send its logs to Stellar Cyber on UDP port 5201.
- Let the device run until Stellar Cyber has collected a representative sample (100 or more logs), ideally covering each event type you want parsed.
- In Stellar Cyber, click Investigate | Threat Hunting. The Threat Hunting page appears with the Interflow Search tab selected by default.
- Set the Index to Syslog.
- Search for dev_type:generic_capture. The captured logs are displayed.
- Click a record to expand it.
- Scroll to the raw field.
- Click to add raw as a column.
- Change Items Per Page to a value large enough to show all of the captured logs on one page.
- Click to download the records.
- Send the downloaded records to Stellar Cyber so the custom parser can be built.
- Configure your device to stop sending logs to port 5201, so the unparsed logs do not keep accumulating.
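The procedure above assumes the device itself forwards its logs. When you want to confirm the path to port 5201 works, or to push a known batch of at least 100 lines, the following sender is useful. It is an added example, not Stellar Cyber's own code or tooling: the sensor address (SENSOR_HOST) is a placeholder, the log lines are constructed for a fictional appliance, and RFC 3164 framing was chosen here because most devices emit it. The loopback check only stands in for the sensor to prove the sender works offline.

```python
"""Send a batch of constructed syslog lines over UDP to the generic-capture port.
Added example; SENSOR_HOST and the sample log lines are assumptions, not real data."""
import socket
import threading
from datetime import datetime, timezone

GENERIC_CAPTURE_PORT = 5201       # port named in the procedure
SENSOR_HOST = "192.0.2.10"        # ASSUMPTION: TEST-NET placeholder, replace with your sensor's IP
MIN_SAMPLE = 100                  # the procedure asks for 100 or more logs


def syslog_pri(facility: int, severity: int) -> int:
    """RFC 3164 PRI value: facility * 8 + severity."""
    if not (0 <= facility <= 23 and 0 <= severity <= 7):
        raise ValueError("facility must be 0-23 and severity 0-7")
    return facility * 8 + severity


def build_syslog_message(facility, severity, hostname, appname, text, when=None):
    """Format one RFC 3164-style line: <PRI>Mmm dd hh:mm:ss host app: text."""
    when = when or datetime.now(timezone.utc)
    ts = f"{when:%b} {when.day:2d} {when:%H:%M:%S}"   # day is space-padded per RFC 3164
    return f"<{syslog_pri(facility, severity)}>{ts} {hostname} {appname}: {text}"


def generate_sample_batch(count=120):
    """Constructed lines for a fictional appliance (not real device output).
    Several event shapes are mixed so the resulting parser sees more than one."""
    events = [
        (4, 6, "user={user} src={ip} action=login result=success"),
        (4, 4, "user={user} src={ip} action=login result=failure reason=bad_password"),
        (16, 5, "rule=deny src={ip} dst=10.0.0.5 proto=tcp dport=445"),
    ]
    when = datetime(2024, 1, 1, 12, 0, 0, tzinfo=timezone.utc)
    batch = []
    for i in range(count):
        facility, severity, tmpl = events[i % len(events)]
        text = tmpl.format(user=f"user{i % 7}", ip=f"198.51.100.{i % 250 + 1}")
        batch.append(build_syslog_message(facility, severity, "fw-edge-01", "authd", text, when))
    return batch


def send_udp(host, port, messages):
    """Send each line as one UDP datagram; returns the number sent."""
    sent = 0
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        for line in messages:
            sock.sendto(line.encode("utf-8"), (host, port))
            sent += 1
    return sent


def loopback_check(count=120, timeout=3.0):
    """Offline self-test: a local UDP listener stands in for the sensor.
    Returns (sent, received, first_line_received)."""
    listener = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    listener.bind(("127.0.0.1", 0))            # ephemeral port, no clash with a real 5201
    listener.settimeout(timeout)
    port = listener.getsockname()[1]
    received = []

    def recv_loop():
        try:
            while len(received) < count:
                data, _ = listener.recvfrom(65535)
                received.append(data.decode("utf-8"))
        except socket.timeout:
            pass                                # stop counting if datagrams were lost

    t = threading.Thread(target=recv_loop, daemon=True)
    t.start()
    sent = send_udp("127.0.0.1", port, generate_sample_batch(count))
    t.join(timeout + 1)
    listener.close()
    return sent, len(received), received[0] if received else ""


if __name__ == "__main__":
    sent, got, first = loopback_check()
    print(f"sent={sent} received={got} first={first}")
    # Against a real sensor, once SENSOR_HOST is set:
    # send_udp(SENSOR_HOST, GENERIC_CAPTURE_PORT, generate_sample_batch(MIN_SAMPLE + 20))
```

Use the constructed batch only to verify that datagrams reach port 5201 and show up under dev_type:generic_capture; the sample you download and send to Stellar Cyber should be the device's real output, since a parser built from invented lines will not match the device's actual format.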