Configuring App
After you install Veeam App for CrowdStrike Falcon LogScale, you need to configure data ingestion. To do this, add an ingest token and create a log collector configuration as described below.
To add an ingest token, do the following:
- Log in to CrowdStrike and select a repository.
- In the CrowdStrike bar, click Settings.
- In the Ingest section, click Ingest tokens > Add token.
- Specify the name of the token. In the Assigned parser field, select veeam-veeamdataplatform.
- Click Create token.
Creating Log Collector Configuration
To create a log collector configuration, do the following:
- Copy the ID of the ingest token you created. To do this, click See token and click the copy icon.
- In the CrowdStrike bar, click Home. Then, click Data Ingest.
- In the Config overview section, click New config.
- Specify the configuration name, select Empty config and click Create new.
- In the draft editor, do the following:
  - In the sources section, specify the minimum settings for collecting syslog messages:
    - type — Source type. Specify syslog.
    - mode — Transport protocol used by the syslog server. Default values are TCP, UDP or TLS.
    - port — Port number used by the syslog server. Default values are 514 (for TCP and UDP) and 6514 (for TLS).
    - sink — Name of the destination for syslog messages specified in the sinks section.
    - maxEventSize — Maximum allowed syslog event size. Recommended value is 1048576.
  - In the sinks section, specify your ingest token ID.
  For more information about all configuration parameters, see Falcon Log Collector documentation.
- Test your configuration and click Publish.
Configuration Example
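A minimal draft that combines the settings listed above, given here as an added example rather than the configuration from the original page. The source and sink names, the lowercase mode value, and the sink type and url keys are assumptions; the token and URL are placeholders.

```yaml
# Added example, not the vendor's own configuration.
sources:
  veeam_syslog:                  # hypothetical source name
    type: syslog                 # source type required by the page
    mode: tcp                    # page lists TCP, UDP or TLS; lowercase spelling is assumed
    port: 514                    # 514 for TCP and UDP, 6514 for TLS
    sink: veeam_logscale         # must match a key defined under sinks
    maxEventSize: 1048576        # recommended value from the page
sinks:
  veeam_logscale:                # hypothetical sink name
    type: humio                  # assumed sink type for a LogScale destination
    token: "<INGEST_TOKEN_ID>"   # placeholder: the ID copied from See token
    url: "https://<your-logscale-host>"   # placeholder: your LogScale URL
```

The sink value in the source must exactly match the key under sinks, otherwise the collected events have no destination. The ingest token grants write access to the repository, so handle the published configuration as a secret.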
Important: To display data correctly, the format of syslog messages sent to Veeam App for CrowdStrike Falcon LogScale must be the same as on Veeam Backup & Replication and Veeam ONE. For more information, see Specifying Syslog Servers in the Veeam Backup & Replication User Guide and Syslog Integration in the Veeam ONE Monitoring Guide.