Configuring Generic Log Capture

Generic log capture lets Stellar Cyber collect raw logs from a device for which no parser exists yet. You send a sample of those captured logs to Stellar Cyber, which uses them to build a custom log parser for your device. Stellar Cyber does not generate alerts from these generic logs; they are stored as raw text only.

To send the logs to Stellar Cyber:

  1. Configure your device to send its logs (syslog over UDP) to UDP port 5201 on the Stellar Cyber sensor.

  2. Let the logs accumulate until Stellar Cyber has collected a representative sample (100 or more), ideally covering the different message types the device produces, since the parser is built from what is in the sample.

  3. In Stellar Cyber, click Investigate | Threat Hunting. The Threat Hunting page opens on the Interflow Search tab.

  4. Set the Index to Syslog.

  5. Search for dev_type:generic_capture. The captured logs are displayed.

  6. Click to expand one of the records.

  7. Scroll to the raw field, which holds the unparsed log line.

  8. Click to add raw to the columns.

  9. Change the Items Per Page to a number large enough to show all of the captured logs, so that the download includes every record.

  10. Click to download the records.

  11. Review the downloaded logs for sensitive content (credentials, internal addresses) and then send them to Stellar Cyber.

  12. Once the sample has been delivered, configure your device to stop sending logs to port 5201.
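The procedure above depends on the device emitting at least 100 syslog datagrams to port 5201. Because a device under test often produces too few events in a reasonable time, it helps to generate a batch deliberately. The script below is an added example, not Stellar Cyber code: it builds RFC 3164-style syslog lines from constructed sample events (not captured from any real device), checks on a loopback socket that every datagram leaves the sender as formatted, and then sends the batch to the sensor. `SENSOR_HOST` is a placeholder address you must replace; port 5201 is the capture port from step 1. UDP gives no delivery receipt, so the batch is sized above the 100-log minimum and the real confirmation is the record count returned by the `dev_type:generic_capture` search in step 5.

```python
"""Send a batch of constructed syslog lines to a Stellar Cyber sensor's
generic capture port (UDP 5201).

Added example, not Stellar Cyber code. SENSOR_HOST is an assumed placeholder;
the sample events are constructed for illustration, not real device output.
"""
import socket
import time
from datetime import datetime

SENSOR_HOST = "192.0.2.10"   # assumption: replace with your sensor's address
SENSOR_PORT = 5201           # generic capture port from step 1
MIN_LOG_COUNT = 100          # step 2 asks for 100 or more logs
USER_FACILITY = 1            # syslog facility "user-level"
INFO = 6                     # syslog severity "informational"


def syslog_pri(facility: int, severity: int) -> int:
    """PRI value that opens every syslog line: facility * 8 + severity."""
    return facility * 8 + severity


def build_syslog_message(hostname, app, msg, facility=USER_FACILITY,
                         severity=INFO, when=None):
    """RFC 3164-style line: <PRI>Mmm dd hh:mm:ss HOSTNAME APP: MSG.
    The day is space-padded to two characters, as the RFC requires."""
    when = when or datetime.now()
    ts = f"{when:%b} {when.day:2d} {when:%H:%M:%S}"
    return f"<{syslog_pri(facility, severity)}>{ts} {hostname} {app}: {msg}"


def sample_events(count, hostname="fw-edge-01"):
    """Constructed events (not from a real device) that rotate through
    several field layouts, so the parser built from the capture sees more
    than one message shape. A fixed timestamp keeps the output repeatable."""
    shapes = [
        "action=allow src=10.1.{i}.7 dst=203.0.113.9 dport=443 proto=tcp",
        "action=deny src=10.1.{i}.7 dst=198.51.100.4 dport=22 proto=tcp",
        "user=alice{i} event=login result=success method=ssh",
        "user=bob{i} event=login result=failure method=password",
    ]
    fixed = datetime(2024, 1, 2, 3, 4, 5)
    return [
        build_syslog_message(hostname, "vendorlog",
                             shapes[i % len(shapes)].format(i=i % 250),
                             when=fixed)
        for i in range(count)
    ]


def send_batch(messages, host=SENSOR_HOST, port=SENSOR_PORT, pace=0.01):
    """Send each message as its own UDP datagram and return the number sent.
    UDP reports nothing back, so the count here is what left this host, not
    what the sensor stored; confirm the stored count in Threat Hunting."""
    sent = 0
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        for m in messages:
            sock.sendto(m.encode("utf-8"), (host, port))
            sent += 1
            if pace:
                time.sleep(pace)   # avoid bursting past the receiver's buffer
    return sent


def loopback_check(messages, timeout=2.0):
    """Local sanity check before pointing at the sensor: bind a UDP socket on
    127.0.0.1, send the batch to it and count the datagrams that arrive."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as rx:
        rx.setsockopt(socket.SOL_SOCKET, socket.SO_RCVBUF, 1 << 20)
        rx.bind(("127.0.0.1", 0))
        port = rx.getsockname()[1]
        send_batch(messages, host="127.0.0.1", port=port, pace=0)
        rx.settimeout(timeout)
        received = 0
        try:
            while received < len(messages):
                rx.recvfrom(65535)
                received += 1
        except socket.timeout:
            pass
        return received


if __name__ == "__main__":
    batch = sample_events(MIN_LOG_COUNT + 20)   # margin above the minimum
    assert loopback_check(batch) == len(batch), "datagrams lost on loopback"
    print(f"sent {send_batch(batch)} logs to {SENSOR_HOST}:{SENSOR_PORT}")
```

Run it once with `SENSOR_HOST` set to the sensor, then continue from step 3. If the search in step 5 returns fewer records than were sent, the gap is UDP loss or a filter between the device and the sensor, and the fix is to send the batch again rather than to work from a short sample.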