


KB44770 - How to configure vWAF to send logs to a syslog server



Last Modified Date: 3/31/2021 8:43 PM
This article explains how to configure vWAF to send WAF logs to a syslog server.
Problem or Goal
vWAF can be configured to send its logs to a syslog server in several formats, including syslog-cef, syslog-csv, syslog-rfc5424 and standard syslog.
To configure the server address, add an entry to the zeusafm.conf file, which is located at:

$ZEUSHOME/zxtm-<your-version>/conf_<either A or B depending on which is present>/zeusafm.conf

($ZEUSHOME is the installation directory, e.g. /usr/local/zeus or /opt/zeus, etc.)

For example, on a single vTM appliance running version 20.3, the above location could look like this:


Log in to the vTM via SSH and edit the above file with an editor such as vi or nano. On the "slaveLogBackend" line, after the existing file path, append the type of back-end (syslog, syslog-cef, syslog-csv or syslog-rfc5424, depending on the syslog format you would like to send) followed by the server IP. For example, to send logs in rfc5424 format, edit the line as below:

slaveLogBackend file:${ZEUSHOME}/log/stingrayafm/log,syslog-rfc5424:<Ip of server here>

This change triggers a restart of the WAF so that the setting takes effect.
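
The edit described above can also be scripted so that it is validated, backed up and safe to re-run. The following is an added example, not code from the vendor or from the original article; the function name add_syslog_backend is hypothetical, and it assumes an IPv4 server address and exactly one slaveLogBackend line in the file. The demo at the end runs on a constructed sample file with the documentation address 192.0.2.10.

```shell
#!/bin/sh
# Added example: append a syslog back-end to the slaveLogBackend line.
# Usage: add_syslog_backend <path-to-zeusafm.conf> <type> <server-ip>
add_syslog_backend() {
    conf=$1; kind=$2; ip=$3
    # Accept only the back-end types named in the article.
    case "$kind" in
        syslog|syslog-cef|syslog-csv|syslog-rfc5424) ;;
        *) echo "unsupported back-end type: $kind" >&2; return 2 ;;
    esac
    # Assumption: dotted-quad IPv4. This also keeps sed metacharacters
    # out of the replacement text used further down.
    if ! printf '%s\n' "$ip" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}$'; then
        echo "not an IPv4 address: $ip" >&2; return 2
    fi
    # Refuse to guess if the line is missing or duplicated.
    n=$(grep -c '^slaveLogBackend[[:space:]]' "$conf") || true
    [ "$n" = 1 ] || { echo "expected one slaveLogBackend line, found '$n'" >&2; return 3; }
    # Idempotent: split the back-end list on commas and look for an exact match.
    if grep '^slaveLogBackend[[:space:]]' "$conf" \
        | sed 's/^slaveLogBackend[[:space:]]*//' | tr ',' '\n' \
        | grep -Fxq "$kind:$ip"; then
        return 0
    fi
    cp -p "$conf" "$conf.bak" || return 1   # copy to roll back to
    # Append ",<type>:<ip>" to the slaveLogBackend line only; writing back
    # through a redirect keeps the original file's owner and mode.
    sed "/^slaveLogBackend[[:space:]]/ s/[[:space:]]*\$/,$kind:$ip/" "$conf.bak" > "$conf"
}

# Demo on a constructed sample file (not a real appliance configuration).
demo_conf=$(mktemp)
printf '%s\n' 'slaveLogBackend file:${ZEUSHOME}/log/stingrayafm/log' > "$demo_conf"
add_syslog_backend "$demo_conf" syslog-rfc5424 192.0.2.10 && cat "$demo_conf"
```

On an appliance, pass the real path to zeusafm.conf; the previous contents are kept beside it as zeusafm.conf.bak.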

Created By: Rohit Shetty


