The PingIntelligence Dashboard
engine supports sending attack information to a syslog
server.
The PingIntelligence Dashboard ships with syslog.xml and attack_log.xml files in the Dashboard config directory. The configuration can also be written in the other formats that Log4j supports, including .properties, .json, or .yml.
The following is a snippet of the syslog.xml file.

<?xml version="1.0" encoding="UTF-8"?>
<Configuration status="warn"
               name="APIIntelligence"
               packages="">
  <!--
    Log4j 2 configuration that forwards attack information published by the
    Dashboard to a syslog server. status="warn" sets the level of Log4j's own
    internal status messages, not the level of the forwarded events.
  -->
  <Appenders>
    <!--
      Alternative BSD-format appender, disabled in this snippet. Note that it
      targets port 514 while the active appender below targets port 614; the
      syslog server must listen on whichever port is configured, otherwise
      attack events are not delivered.
      <Syslog name="bsd" host="localhost" port="514" protocol="TCP"
              ignoreExceptions="false" immediateFlush="true" />
    -->

    <!--
      Active appender: RFC 5424 messages to localhost:614 over TCP.

      protocol="TCP" is not encrypted, so attack information is sent in clear
      text. That is contained while host="localhost"; if host is changed to a
      remote collector, review whether the Log4j version shipped with the
      Dashboard lets you use protocol="SSL" with a key store and trust store,
      or tunnel the connection, so the events cannot be read or altered in
      transit.

      ignoreExceptions="false" makes delivery failures surface as exceptions
      instead of being dropped silently (per Log4j 2 appender semantics), and
      immediateFlush="true" flushes after each event so events are not held in
      a buffer. Monitor for those failures: a syslog server that is down means
      attack events are not being recorded there.
    -->
    <Syslog name="RFC5424"
            host="localhost"
            port="614"
            protocol="TCP"
            format="RFC5424"
            appName="APIIntelligence"
            mdcId="mdc"
            facility="LOCAL0"
            enterpriseNumber="18060"
            newLine="true"
            messageId="Audit"
            id="App"
            ignoreExceptions="false"
            immediateFlush="true"/>
  </Appenders>

  <Loggers>
    <!--
      Only events from com.pingidentity.abs.publish at level info or higher are
      routed to the RFC5424 appender. additivity="false" keeps them from also
      being passed to the appenders of parent loggers.
    -->
    <Logger name="com.pingidentity.abs.publish"
            level="info"
            additivity="false">
      <AppenderRef ref="RFC5424"/>
    </Logger>
  </Loggers>
</Configuration>