Overview
The Blumira Sensor Logger Module is automatically installed when you add a new sensor in Blumira, and you should not remove it. Logger Module is the sensor component that collects logs from inbound Syslog data and other modules installed on the sensor and forwards them to the Blumira cloud.
If you have sensors as a licensed feature in your account, you can leverage a sensor as a Syslog server for many different integrations.
Supported syslog integrations
The following Blumira integrations require and depend on Logger Module to collect logs:
- Bitdefender
- Cisco ASA
- Cisco FirePower Threat Defense
- Citrix Application Delivery Controller
- ESET Endpoint Protection
- Fortinet Fortigate Firewall
- Infoblox
- Juniper Networks
- Malwarebytes
- Malwarebytes Nebula
- Palo Alto Networks Panorama
- Palo Alto Next-Gen Firewall
- Sophos XG
- Symantec
- Synology
- Trend Micro Apex One
- Ubiquiti UniFi
- VMware Carbon Black App Control
- ZScaler
Configuring your external service to send Syslog data to a sensor
For the integrations that rely on our Logger Module, you will configure the external product so it can forward log data to a Blumira sensor. Before configuring the source service or application, determine which Blumira sensor will collect the log data.
If necessary, add a new sensor (see Building a Blumira sensor on Ubuntu). No other configuration or setup is required in the Blumira app for integrations using Syslog data.
Provide this Blumira sensor information when setting up your Syslog server:
- The IP address of the Blumira sensor you will log events to
- Port number 514
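Before pointing a production device at the sensor, you can send one test event to the sensor's IP address and port 514 from a host on the same network path. The following is an added example, not Blumira's own code; it assumes plain UDP transport and RFC 5424 framing (this page does not state either), and the host name, app name and 192.0.2.10 address are placeholders.

```python
import socket
from datetime import datetime, timezone

# Assumptions (not from the Blumira docs): plain UDP transport, RFC 5424 framing.
SENSOR_PORT = 514  # port number given on this page

def build_syslog(msg, facility=16, severity=6, host="test-host", app="sensor-check"):
    """Return one RFC 5424 message as bytes. PRI = facility * 8 + severity."""
    if not (0 <= facility <= 23 and 0 <= severity <= 7):
        raise ValueError("facility must be 0-23 and severity 0-7")
    pri = facility * 8 + severity
    ts = datetime.now(timezone.utc).strftime("%Y-%m-%dT%H:%M:%S.%fZ")
    # VERSION is 1; PROCID, MSGID and STRUCTURED-DATA use the nil value "-".
    return f"<{pri}>1 {ts} {host} {app} - - - {msg}".encode("utf-8")

def send_test_event(sensor_ip, port=SENSOR_PORT, msg="sensor connectivity test"):
    """Send one test event over UDP; return the byte count handed to the kernel."""
    payload = build_syslog(msg)
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        return s.sendto(payload, (sensor_ip, port))

if __name__ == "__main__":
    # 192.0.2.10 is a documentation placeholder; replace it with your sensor's IP.
    print(send_test_event("192.0.2.10"))
```

UDP gives no acknowledgement, so a successful send only shows that the local stack accepted the datagram; confirm on the sensor side that the event arrived.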
If you intend to use TLS-Syslog
TLS-Syslog is fragile on a good day. Organizations differ in how they deploy secure negotiation, which can result in strange implementations across the entire industry. In general, Blumira has opted for the simple solution and we will build out more complex implementations of TLS-Syslog in the future.
Reference: See configuration information in Sending Syslog over TLS.