Configure trusted connections between SIEM and PTA
You must configure trusted connections to send secured syslog data between SIEM and PTA.
Configure SIEM trusted connection to PTA
Secured syslog data requires that a third-party certificate is installed on your PTA Server machine, and that a client certificate is installed on your SIEM machine.
Configure your SIEM solution to send secured syslog data to PTA:
- Follow the instructions in Import your Organization's SSL Certificate to create the Server Certificate.
- Upload the Base-64 Cer Server Certificate file to the appropriate location in each SIEM solution.
- Configure each SIEM solution to send secured syslog data to PTA using the Server Certificate.
- Upload each SIEM client certificate to PTA. To do this, in the PTA utility, run step 16, Installing SSL Client Certificate Issuer Chain (Root, Intermediate(s)). For details, see the step 16 instructions in Install Your Organization's Public Certificate Chains.
- On the PTA machine, open the local systemparm.properties configuration file using the LOCALPARM command.
- Press i to edit the file.
- Value the syslog_inbound parameter as described in systemparm.properties.
Configure PTA trusted connection to SIEM
Secured syslog data requires that a third-party certificate is installed on your PTA Server machine.
Configure PTA to send syslog records to your SIEM solution
- Upload each SIEM client certificate to PTA. To do this, in the PTA utility, run step 16, Installing SSL Client Certificate Issuer Chain (Root, Intermediate(s)). For details, see the step 16 instructions in Install Your Organization's Public Certificate Chains.
- On the PTA machine, open the local systemparm.properties configuration file using the LOCALPARM command.
- Press i to edit the file.
- Value the syslog_outbound parameter as described in systemparm.properties using TLS as the protocol. For details, see Send PTA syslog Records to SIEM.
