The Blumira Sensor Logger Module is automatically installed when you add a new sensor in Blumira, and you should not remove it.
Our Logger Module is the sensor component that collects logs from inbound Syslog data and other modules installed on the sensor and forwards them to the Blumira cloud.
Many Blumira integrations require and depend on Logger Module to collect logs:
- Check Point Next-Gen Firewall
- Cisco ASA
- Cisco FTD FirePower Threat Defense
- Citrix Application Delivery Controller (ADC)
- ESET Endpoint Protection
- Fortinet Fortigate Firewall
- Linux Servers
- Malwarebytes and Malwarebytes Nebula
- Microsoft Windows Server
- Palo Alto Next-Gen Firewall and Palo Alto Networks Panorama
- Trend Micro Apex One
- VMware Carbon Black Endpoint Protection
- any other integrations with a non-API log forwarding solution
Providing Blumira sensor information to forward logs to Logger Module
For the integrations that rely on our Logger Module, you will perform configuration in the external product so it can forward log data to a Blumira sensor. Before configuring the source service or application, determine which Blumira sensor will collect the log data.
If necessary, add a new sensor (see Building a Blumira sensor on Ubuntu). No other configuration or setup is required in the Blumira app for integrations using Syslog data.
Provide this Blumira sensor information when setting up your Syslog server:
- The IP address of the Blumira sensor you will log events to
- Port number 514
If you intend to use TLS-Syslog
TLS-Syslog is fragile on a good day. Organizations differ in how they deploy secure negotiation, which can result in strange implementations across the entire industry. In general, Blumira has opted for the simple solution and we will build out more complex implementations of TLS-Syslog in the future.
Reference: See configuration information in Sending Syslog over TLS.