You need to pay attention to some points while adding products, devices and applications you want to receive logs for your Logsign SIEM product. How to record and transfer logs of the system that you want to log. For example, if you want to get application, security and system log of a machine with Windows operating system, Logsign SIEM will use WMI protocol. But if you are using an antivirus application in this operating system and this application is recording its logs on a file, Logsign SIEM will present you logs by reading the file with the SMB protocol. On the other hand, when you want to receive the flowing logs of a "network based" application, Logsign SIEM will present you with the Syslog method.
We are going to see that what syslog source are supported by Logsign and to follow the integration example.
1. Settings > Device Management > Device List
2. In the following window, click "Add New Source" button.
3. On the Devices, select "SYSLOG".
4. Now you can see all syslog vendor lists plugged-in Logsign. For example, we are going to select "Fortinet". Under the vendor menu, you can see the products provided by the vendor.
5. When you provide the required information and click "Save" the source will be integrated on Logsign.