
How to configure FireEye IPS to send logs to the CQ Server IP address on UDP port 5140

Configuring Syslog Forwarding

Follow the steps below to configure syslog.

  1. Log in to the FireEye NX Web UI with an admin account.

  2. Navigate to Settings > Notifications.

  3. Click rsyslog and check the “Event type” check box.

  4. Make sure the Rsyslog settings are:

     Default format: CEF

     Default delivery: Per event

     Default send as: Alert

  5. Next to the “Add Rsyslog Server” button, type “Cyber Quest”, then click the “Add Rsyslog Server” button.

  6. Enter the Cyber Quest server IP address in the "IP Address" field. (Use the public IP if the server is hosted in the cloud.)

  7. Select the Enabled check box.

  8. Select Per Event in the "Delivery" drop-down list.

  9. Select All Events from the "Notifications" drop-down list.

  10. Select CEF from the "Format" drop-down list.

  11. Select UDP from the "Protocol" drop-down list. (Default port is 5140)

  12. Click Update, then click the “Test-Fire” button to send test events to the Cyber Quest server.
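
To confirm that a Test-Fire event actually arrives (UDP gives the sender no delivery confirmation), a small listener like the following can be run on a test host to receive one datagram on port 5140 and parse its CEF record. It is an added example, not part of the original guide or of FireEye or Cyber Quest software; the sample line, its host name and field values are constructed, and the function names are illustrative.

```python
import re
import socket

HEADER = ("version", "vendor", "product", "device_version",
          "signature_id", "name", "severity")
# Seven pipe-terminated header fields (a backslash escapes the next character),
# then the extension block.
HEADER_RE = re.compile(r"((?:\\.|[^\\|])*)\|" * 7 + r"(.*)", re.S)
# Constructed sample, not captured from an appliance.
SAMPLE = ("<164>Jan  1 00:00:00 nx-sensor CEF:0|FireEye|Example\\|Product|0.0|"
          "TEST|test event|3|src=192.0.2.10 msg=test fire a\\=b dpt=5140")

def unescape(text, char):
    """Undo CEF escaping: backslash before `char` or before another backslash."""
    return re.sub(r"\\([%s\\])" % re.escape(char), r"\1", text)

def parse_cef(line):
    """Return the CEF record in a syslog line as a dict, or None if absent/truncated."""
    start = line.find("CEF:")   # skip the syslog priority/timestamp/host prefix
    match = HEADER_RE.match(line[start + 4:]) if start >= 0 else None
    if match is None:
        return None
    event = {k: unescape(v, "|") for k, v in zip(HEADER, match.groups())}
    event["ext"] = {}
    ext = match.group(8)
    # Extension is "key=value key=value"; values may hold spaces and escaped "=".
    keys = list(re.finditer(r"(?:^|\s)(\w+)=", ext))
    for i, key in enumerate(keys):
        end = keys[i + 1].start() if i + 1 < len(keys) else len(ext)
        event["ext"][key.group(1)] = unescape(ext[key.end():end].strip(), "=")
    return event

def listen(port=5140, count=1, timeout=60.0):
    """Collect `count` UDP datagrams on `port`; raises socket.timeout if none arrive."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        sock.bind(("0.0.0.0", port))
        sock.settimeout(timeout)
        received = []
        for _ in range(count):
            data, peer = sock.recvfrom(65535)
            received.append((peer[0], parse_cef(data.decode("utf-8", "replace"))))
        return received

if __name__ == "__main__":
    print(parse_cef(SAMPLE))             # offline check against the constructed line
    for sender, event in listen():       # then wait for one Test-Fire datagram
        print(sender, event or "datagram was not CEF")
```

Binding fails if another process on the host already listens on UDP 5140, and a timeout here usually points to a firewall rule or a wrong IP address in step 6.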