Console
    Start free

    Collect FireEye NX logs

    Supported in:

    This document describes how you can collect the FireEye Network Security and Forensics (NX) logs by using a Google Security Operations forwarder.

    For more information, see Data ingestion to Google SecOps overview .

    An ingestion label identifies the parser that normalizes raw log data to structured UDM format. The information in this document applies to the parser with the FIREEYE_NX ingestion label.

    Configure FireEye NX

    1. Sign in to the FireEye NX interface.
    2. Go to Settings > Notifications.
    3. To enable a syslog notification configuration, select the rsyslogcheckbox.
    4. Click Add rsyslog server.
    5. In the Namefield, enter a name to label your FireEye connection to the Google SecOps instances.
    6. In the IP addressfield, enter the Google SecOps forwarder IP address.
    7. Select the Enabledcheckbox.
    8. In the Deliverylist, select Per event.
    9. In the Notificationslist, select All events.
    10. In the Formatlist, select CEF.
    11. In the Accountfield, don't enter any information.
    12. In the Protocollist, select the protocol.

    13. Click Add new rsyslog server.

    Configure the Google SecOps forwarder to ingest FireEye NX logs

    1. In the Google SecOps menu, select Settings > Forwarders > Add new forwarder.
    2. In the Forwarder namefield, enter a unique name for the forwarder.
    3. Click Submit. The forwarder is added and the Add collector configurationwindow appears.
    4. In the Collector namefield, enter a unique name for the collector.
    5. In the Log typefield, specify FireEye NX .
    6. Select Syslogas the Collector type.
    7. Configure the following input parameters:
      • Protocol: specify the connection protocol that the collector uses to listen to syslog data.
      • Address: specify the target IP address or hostname where the collector resides and listens to syslog data.
      • Port: specify the target port where the collector resides and listens to syslog data.
    8. Click Submit.

    For more information about the Google SecOps forwarders, see Manage forwarder configurations through the Google SecOps UI .

    If you encounter issues when you create forwarders, contact Google SecOps support .
    Design a Mobile Site
    View Site in Mobile | Classic
    Share by: