Sumo Logic

Collect Logs for Trend Micro Deep Security

Detailed steps to collect logs for Trend Micro Deep Security.

Configure Collector and Sources

To collect logs for Deep Security, you will need:

  1. One Installed Collector.
  2. One Syslog Source.

Configure Deep Security System Event Log Forwarding

For complete details on configuring your Deep Security system for use with Sumo Logic, see the White Paper, “Deep Security Integration with Sumo Logic”.

To forward Deep Security system events to Sumo Logic:

  1. In Deep Security, go to Administration > System Settings > SIEM.
  2. Configure SIEM:

    1. Forward System Events to a remote computer (via Syslog). Activate this check box.

    2. Hostname or IP address to which events should be sent. This is the hostname or IP address of the Sumo Logic Installed Collector.

    3. UDP port to which events should be sent. Enter 514.

    4. Syslog Facility. Select Local 0.

    5. Syslog Format. Select Common Event Format.

  3. Save your changes.

Configure the Policy

Now you must add the Syslog Source to your Policy configuration. Set the integration details at the Top (root/base) policy as follows:

  1. Go to Settings > SIEM.
  2. For Anti-Malware Event Forwarding, select Forward Events To: and Relay via the Manager.

    1. Hostname or IP address to which events should be sent. This is the hostname or IP address of the Sumo Logic Installed Collector.

    2. UDP port to which events should be sent. Enter 514.

    3. Syslog Facility. Select Local 1.

    4. Syslog Format. Select Common Event Format.

  3. For Web Reputation Event Forwarding, select Forward Events To: and Relay via the Manager.

    1. Hostname or IP address to which events should be sent. This is the hostname or IP address of the Sumo Logic Installed Collector.

    2. UDP port to which events should be sent. Enter 514.

    3. Syslog Facility. Select Local 1.

    4. Syslog Format. Select Common Event Format.

  4. Click Save.
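Both procedures above send their events to the same collector on UDP port 514, so the syslog facility is what separates the system-event stream (Local 0) from the policy-level anti-malware and web reputation stream (Local 1). The following is an added example, not code from the Sumo Logic page or from Trend Micro: a small Python parser that reads a forwarded syslog/CEF line, extracts the facility from the PRI prefix, parses the CEF header and extension (honouring the `\|`, `\=` and `\\` escapes), and checks that each stream arrived on the facility the procedure specifies. The sample lines are constructed in the shape of the forwarded messages with placeholder signature IDs and names; they are not real Deep Security output. The stream names `system` and `policy` and the `EXPECTED_FACILITY` table are assumptions derived from the facility choices in the two procedures.

```python
"""Added example (not part of the Sumo Logic page or Trend Micro's code):
parse syslog/CEF lines as forwarded by the configuration above and verify
that each event stream uses the expected facility."""
import re

# Syslog facility numbers: local0 = 16 ... local7 = 23.
LOCAL0, LOCAL1 = 16, 17

# Assumed mapping taken from the two procedures: system events on Local 0,
# anti-malware / web reputation (policy) events on Local 1.
EXPECTED_FACILITY = {"system": LOCAL0, "policy": LOCAL1}

_PRI_RE = re.compile(r"^<(\d{1,3})>")
_KEY_RE = re.compile(r"(?:^|\s)([A-Za-z0-9_.]+)=")


def parse_pri(line):
    """Return (facility, severity, rest_of_line) from the syslog PRI prefix."""
    m = _PRI_RE.match(line)
    if not m:
        raise ValueError("missing syslog PRI")
    pri = int(m.group(1))
    if pri > 191:
        raise ValueError("PRI out of range")
    return pri // 8, pri % 8, line[m.end():]


def _split_cef_header(text):
    """Split the 7 pipe-separated header fields, honouring '\\|' and '\\\\'
    escapes, and return them with the raw (still escaped) extension."""
    fields, buf, i = [], [], 0
    while i < len(text) and len(fields) < 7:
        ch = text[i]
        if ch == "\\" and i + 1 < len(text):
            buf.append(text[i + 1])
            i += 2
        elif ch == "|":
            fields.append("".join(buf))
            buf = []
            i += 1
        else:
            buf.append(ch)
            i += 1
    if len(fields) < 7:
        raise ValueError("CEF header needs 7 pipe-separated fields")
    return fields, text[i:]


def _unescape_ext(value):
    """Undo CEF extension escaping: '\\=' -> '=', '\\\\' -> '\\', '\\n', '\\r'."""
    return re.sub(r"\\(.)",
                  lambda m: {"n": "\n", "r": "\r"}.get(m.group(1), m.group(1)),
                  value)


def _parse_extension(ext):
    """Parse 'key=value key=value' where values may contain spaces."""
    out = {}
    matches = list(_KEY_RE.finditer(ext))
    for idx, m in enumerate(matches):
        end = matches[idx + 1].start() if idx + 1 < len(matches) else len(ext)
        out[m.group(1)] = _unescape_ext(ext[m.end():end].strip())
    return out


def parse_cef(text):
    """Parse 'CEF:Version|Vendor|Product|DevVersion|SigID|Name|Severity|Ext'."""
    if not text.startswith("CEF:"):
        raise ValueError("not a CEF message")
    fields, ext = _split_cef_header(text[4:])
    version, vendor, product, dev_version, sig_id, name, severity = fields
    return {"version": version, "vendor": vendor, "product": product,
            "device_version": dev_version, "signature_id": sig_id,
            "name": name, "severity": severity, "ext": _parse_extension(ext)}


def parse_event(line, stream):
    """Parse one forwarded line and flag whether its facility matches the
    stream ('system' or 'policy') it was configured to carry."""
    facility, severity, rest = parse_pri(line)
    cef_at = rest.find("CEF:")
    if cef_at < 0:
        raise ValueError("no CEF payload in line")
    event = parse_cef(rest[cef_at:])
    event["facility"] = facility
    event["syslog_severity"] = severity
    event["facility_ok"] = facility == EXPECTED_FACILITY[stream]
    return event


# Constructed samples (not real Deep Security output). PRI 134 = local0/info,
# PRI 142 = local1/info. The third line is a policy event wrongly sent on local0.
SAMPLE_SYSTEM = ("<134>Jan 1 12:00:00 dsm-host CEF:0|Trend Micro|Deep Security Manager"
                 "|0.0|100|Example System Event|3|suser=admin src=192.0.2.10 "
                 "msg=Example a\\=b")
SAMPLE_POLICY = ("<142>Jan 1 12:00:01 dsm-host CEF:0|Trend Micro|Deep Security Manager"
                 "|0.0|200|Example Anti-Malware Event|6|dhost=host-a act=Quarantine")
SAMPLE_MISROUTED = SAMPLE_POLICY.replace("<142>", "<134>")


def check_samples():
    """Return {label: facility_ok} for the constructed samples."""
    return {"system": parse_event(SAMPLE_SYSTEM, "system")["facility_ok"],
            "policy": parse_event(SAMPLE_POLICY, "policy")["facility_ok"],
            "misrouted": parse_event(SAMPLE_MISROUTED, "policy")["facility_ok"]}


if __name__ == "__main__":
    for label, ok in check_samples().items():
        print(f"{label}: facility {'OK' if ok else 'MISMATCH'}")
```

Running the block against lines captured at the Installed Collector shows immediately whether a stream was saved with the wrong facility (for example a policy stream left on Local 0), which would otherwise silently merge the two event types in the same Syslog Source.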