#############
Syslog Output 
#############


AEO Syslog Output
=================

AEO can be configured to send syslog output to one or more designated syslog receivers, SIEMs, or analytics platforms such as Splunk, Elasticsearch, syslog-ng, rsyslog, Alert Logic, and more.

**Requires**

- AEO Hub version 6.0.8 or above
- Remote syslog receiver


**Fields**

- Server (Required) - IP address of the external syslog receiver
- Port (Required) - Port of the external syslog receiver
- Level (Optional) - Minimum alert level to send
- Rule ID (Optional) - Send only alerts that match this rule ID
- Location (Optional) - Log location, for example ``agent123->/var/log/messages``
- Use FQDN (Optional) - Use the fully qualified domain name in the syslog output
- Format (Optional) - Log format to transmit

  - default - Default AEO syslog format
  - cef - Common Event Format
  - json - JSON format
  - splunk - Splunk format

- Groups (Optional) - Event group

.. note:: JSON output is recommended.


**Step 1) Log in to the AEO console, and select Integrations->Remote Syslog**

  .. image:: ../../../images/manual/01-syslog-output.png


**Step 2) Select the required fields IP address and Port, and any optional fields**

  .. image:: ../../../images/manual/02-syslog-output.png


**Step 3) Click Update, and wait 5-10 seconds for the page to refresh**

  .. image:: ../../../images/manual/03-syslog-output.png


Local Log collection agent
==========================

Any local log transport agent on a supported distribution can be used to collect the AEO hub logs and send them to a remote location.

AEO alert logs are located at ``/var/ossec/logs/alerts/alerts.json``.
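The following is an added example (not AEO's own code) that ties the two sections together: it reads lines in the shape of ``alerts.json``, applies the same filters the console offers (Level as a minimum, Rule ID, Location as ``agent->path``, Groups) and wraps each surviving alert in an RFC 5424 syslog line carrying the recommended JSON payload. The alert field layout (``rule.level``, ``rule.id``, ``rule.groups``, ``agent.name``, ``location``), the sample lines and the fixed PRI value are assumptions, since the page does not document the alert schema.

```python
import json
import socket

# Constructed sample lines in the shape of /var/ossec/logs/alerts/alerts.json.
# The field layout (rule.level/id/groups, agent.name, location) is an assumption.
SAMPLE_ALERTS = [
    '{"timestamp":"2024-01-01T10:00:00Z","rule":{"level":3,"id":"5501","groups":["pam","syslog"]},"agent":{"name":"agent123"},"location":"/var/log/messages","full_log":"session opened"}',
    '{"timestamp":"2024-01-01T10:00:05Z","rule":{"level":10,"id":"5503","groups":["authentication_failed","syslog"]},"agent":{"name":"agent123"},"location":"/var/log/messages","full_log":"auth failure"}',
    '{"timestamp":"2024-01-01T10:00:09Z","rule":{"level":12,"id":"5710","groups":["sshd"]},"agent":{"name":"web01"},"location":"/var/log/auth.log","full_log":"invalid user"}',
]

def matches(alert, min_level=None, rule_id=None, location=None, groups=None):
    """Mirror the optional console fields: Level is a minimum, Rule ID is an
    exact match, Location is 'agent->path', Groups matches any listed group."""
    rule = alert.get("rule", {})
    if min_level is not None and rule.get("level", 0) < min_level:
        return False
    if rule_id is not None and rule.get("id") != rule_id:
        return False
    if location is not None:
        agent_loc = f"{alert.get('agent', {}).get('name', '')}->{alert.get('location', '')}"
        if agent_loc != location:
            return False
    if groups is not None and not set(groups) & set(rule.get("groups", [])):
        return False
    return True

def filter_alerts(lines, **filters):
    """Parse one JSON object per line, skipping malformed (e.g. partially written) lines."""
    kept = []
    for line in lines:
        try:
            alert = json.loads(line)
        except json.JSONDecodeError:
            continue
        if matches(alert, **filters):
            kept.append(alert)
    return kept

def to_syslog(alert, hostname="aeo-hub", app="aeo"):
    """RFC 5424 line carrying the alert as compact JSON (the recommended format).
    PRI 133 = facility local0, severity notice; a fixed value chosen by assumption."""
    ts = alert.get("timestamp", "-")  # "-" is the RFC 5424 NILVALUE
    return f"<133>1 {ts} {hostname} {app} - - - " + json.dumps(alert, separators=(",", ":"))

def send_udp(messages, server, port):
    """Ship formatted lines to the receiver named by the Server/Port fields."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        for msg in messages:
            sock.sendto(msg.encode("utf-8"), (server, port))
```

For TCP or TLS delivery, replace ``send_udp`` with a stream socket and newline-delimit the messages; the filter and formatting steps stay the same.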

