Custom Syslog Sources Integration
Overview
KYRA MDR supports any device or application that can send syslog messages. This guide covers configuring custom syslog sources for log collection, enabling security monitoring for proprietary systems and legacy devices.
Prerequisites
- A KYRA MDR Collector installed and running
- Device or application capable of sending syslog (RFC 3164 or RFC 5424)
- Network connectivity from the source to the collector on port 514, over the protocol you configure on the source (TCP or UDP); check host firewalls at both ends, not only the network path
- Knowledge of the log format for parser configuration
Configuration
Configure any syslog-capable device:
| Setting | Value |
|---|---|
| Server/Host | Your KYRA Collector IP |
| Port | 514 (or custom) |
| Protocol | TCP (recommended) or UDP |
| Facility | local0-local7 |
| Severity | info or higher |
For file-based logging, use rsyslog:
```
# Read the application's own log files and inject them as syslog messages
module(load="imfile")
# Use Tag="myapp:" if you want the conventional trailing colon in the tag
input(type="imfile" File="/var/log/myapp/*.log" Tag="myapp" Facility="local3")
# Forward everything with facility local3 to the collector ("@@" = TCP, "@" = UDP)
local3.* @@<collector-ip>:514
```
For custom parsing, contact KYRA MDR support with sample log lines.
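The table above fixes facility, severity and protocol, but a device's own syslog client gives you little control over what actually goes on the wire. The script below, an added example that is not part of the KYRA MDR documentation or product, builds a message with an explicit PRI (facility * 8 + severity, so local3.info is `<158>`) in either RFC 5424 or RFC 3164 form and sends it to the collector over TCP or UDP. Sending a known-good message this way separates "nothing reaches the collector" from "the collector drops what it gets". The collector address, port, hostname and app name are placeholders chosen for the example.

```python
"""Build syslog messages with an explicit PRI and send them to a collector.

Added example (not part of the KYRA MDR documentation). Host, port and
app name below are placeholders chosen for the example.
"""
import socket
from datetime import datetime, timezone

# Numeric facility and severity codes from RFC 5424, section 6.2.1.
FACILITIES = {
    "kern": 0, "user": 1, "mail": 2, "daemon": 3, "auth": 4, "syslog": 5,
    "lpr": 6, "news": 7, "uucp": 8, "cron": 9, "authpriv": 10, "ftp": 11,
    "local0": 16, "local1": 17, "local2": 18, "local3": 19,
    "local4": 20, "local5": 21, "local6": 22, "local7": 23,
}
SEVERITIES = {
    "emerg": 0, "alert": 1, "crit": 2, "err": 3,
    "warning": 4, "notice": 5, "info": 6, "debug": 7,
}
MONTHS = ("Jan", "Feb", "Mar", "Apr", "May", "Jun",
          "Jul", "Aug", "Sep", "Oct", "Nov", "Dec")


def compute_pri(facility: str, severity: str) -> int:
    """PRI = facility * 8 + severity; local3.info is therefore <158>."""
    return FACILITIES[facility] * 8 + SEVERITIES[severity]


def build_rfc5424(facility, severity, hostname, app_name, msg,
                  timestamp=None, procid="-", msgid="-"):
    """RFC 5424: <PRI>1 TIMESTAMP HOSTNAME APP-NAME PROCID MSGID SD MSG.

    The timestamp carries the year and a UTC offset ("Z"), which is what
    the collector needs for reliable correlation.
    """
    ts = timestamp or datetime.now(timezone.utc)
    stamp = ts.astimezone(timezone.utc).isoformat(timespec="milliseconds")
    stamp = stamp.replace("+00:00", "Z")
    pri = compute_pri(facility, severity)
    # "-" is the NILVALUE for the structured-data element.
    return f"<{pri}>1 {stamp} {hostname} {app_name} {procid} {msgid} - {msg}"


def build_rfc3164(facility, severity, hostname, tag, msg, timestamp=None):
    """RFC 3164 (BSD syslog): <PRI>Mmm dd hh:mm:ss HOSTNAME TAG: MSG.

    The timestamp has no year and no timezone: the collector must guess
    both, so prefer build_rfc5424 when the source supports it.
    """
    ts = timestamp or datetime.now()
    # The day is space-padded to two characters ("Jan  5", "Jan 15").
    stamp = f"{MONTHS[ts.month - 1]} {ts.day:>2} {ts.strftime('%H:%M:%S')}"
    pri = compute_pri(facility, severity)
    return f"<{pri}>{stamp} {hostname} {tag}: {msg}"


def send_syslog(host, port, message, proto="tcp", timeout=5.0):
    """Send one message; returns the number of bytes sent.

    TCP uses newline-delimited (non-transparent) framing, which is what
    rsyslog's "@@host:port" forwarding emits by default (RFC 6587 3.4.2).
    UDP sends the message as a single datagram (RFC 5426).
    """
    payload = message.encode("utf-8")
    if proto == "tcp":
        with socket.create_connection((host, port), timeout=timeout) as sock:
            sock.sendall(payload + b"\n")
            return len(payload) + 1
    if proto == "udp":
        with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
            return sock.sendto(payload, (host, port))
    raise ValueError(f"unsupported protocol: {proto}")


if __name__ == "__main__":
    import sys
    # Usage: python send_test.py <collector-ip> [port] [tcp|udp]
    host = sys.argv[1] if len(sys.argv) > 1 else "127.0.0.1"
    port = int(sys.argv[2]) if len(sys.argv) > 2 else 514
    proto = sys.argv[3] if len(sys.argv) > 3 else "tcp"
    line = build_rfc5424("local3", "info", socket.gethostname(), "myapp",
                         "KYRA collector connectivity test")
    print(line)
    print(f"sent {send_syslog(host, port, line, proto)} bytes via {proto}")
```

Run it from the source host so the test crosses the same firewalls the real traffic will; if the TCP connect succeeds but the message never appears in KYRA, the problem is on the collector side (listener, parser or facility filter), not the network.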
Collected Log Types
| Log Type | Description | Security Use |
|---|---|---|
| Application Events | Custom application log entries | Application security |
| System Events | Host and service events | Infrastructure monitoring |
| Security Events | Authentication and access events | Access control monitoring |
| Error Events | Error and exception logs | Incident detection |
| Audit Events | Audit trail entries | Compliance monitoring |
| Custom Events | Any structured or unstructured log | Flexible monitoring |
Troubleshooting
Logs not received: Verify connectivity with telnet <collector-ip> 514. That only exercises TCP; for UDP, send a test message from the source (for example logger -d -n <collector-ip> -P 514 "test") and confirm it arrives with tcpdump -ni any udp port 514 on the collector. A firewall that drops the traffic silently looks identical to a source that never sends, so check both ends.
Parsing failures: Custom formats require parser configuration. Send samples to kyra@seekerslab.com.
Timestamp issues: Ensure the source sends logs with timestamps for proper correlation. RFC 3164 timestamps carry neither a year nor a timezone, so the collector has to assume both; where the source supports it, send RFC 5424 with a timezone offset, and keep the source clock NTP-synchronised so events line up with the rest of the estate.
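Before sending samples to support it is worth knowing which of the problems above your source actually has. The checker below, an added example that is not part of the KYRA MDR documentation or product, runs over a handful of constructed sample lines and reports, per line, whether it is RFC 5424, RFC 3164 or headerless, whether the PRI is valid, and whether the timestamp can be correlated (present, in range, and carrying a UTC offset). The sample lines are constructed for this example, not taken from any real device.

```python
"""Sanity-check sample syslog lines before sending them to support.

Added example (not part of the KYRA MDR documentation). The sample lines
are constructed for this example.
"""
import re
from datetime import datetime

PRI_RE = re.compile(r"^<(\d{1,3})>")
# RFC 5424 after the PRI: VERSION TIMESTAMP HOSTNAME APP-NAME PROCID MSGID SD [MSG]
RFC5424_RE = re.compile(
    r"^1 (\S+) (\S+) (\S+) (\S+) (\S+) (-|(?:\[.*?\])+)(?: (.*))?$")
# RFC 3164 after the PRI: "Mmm dd hh:mm:ss HOSTNAME MSG" with a space-padded day
RFC3164_RE = re.compile(
    r"^([A-Z][a-z]{2}) {1,2}(\d{1,2}) (\d{2}:\d{2}:\d{2}) (\S+) (.*)$")
MONTHS = ("Jan", "Feb", "Mar", "Apr", "May", "Jun",
          "Jul", "Aug", "Sep", "Oct", "Nov", "Dec")


def check_line(line: str) -> dict:
    """Classify one line and list anything that needs fixing at the source."""
    result = {"format": "unknown", "pri": None, "facility": None,
              "severity": None, "timestamp": None, "issues": []}
    m = PRI_RE.match(line)
    if not m:
        result["issues"].append(
            "no <PRI> header: not a syslog message, facility/severity unknown")
        return result
    pri = int(m.group(1))
    result["pri"] = pri
    if pri > 191:
        result["issues"].append("PRI out of range (max 191 = local7.debug)")
        return result
    result["facility"], result["severity"] = divmod(pri, 8)
    body = line[m.end():]

    m5 = RFC5424_RE.match(body)
    if m5:
        result["format"] = "rfc5424"
        stamp = m5.group(1)
        if stamp == "-":
            result["issues"].append("RFC 5424 timestamp is NIL ('-')")
        else:
            try:
                # fromisoformat needs "+00:00" rather than "Z" on older Pythons
                ts = datetime.fromisoformat(stamp.replace("Z", "+00:00"))
                if ts.tzinfo is None:
                    result["issues"].append("timestamp has no UTC offset")
                result["timestamp"] = ts
            except ValueError:
                result["issues"].append(f"timestamp not RFC 3339: {stamp!r}")
        return result

    m3 = RFC3164_RE.match(body)
    if m3 and m3.group(1) in MONTHS:
        result["format"] = "rfc3164"
        result["timestamp"] = f"{m3.group(1)} {m3.group(2):>2} {m3.group(3)}"
        result["issues"].append(
            "RFC 3164 timestamp has no year or timezone; "
            "the collector must assume both")
        return result

    result["format"] = "no-header"
    result["issues"].append(
        "no timestamp after <PRI>; the collector will stamp arrival time")
    return result


SAMPLE_LINES = [  # constructed for this example
    "<158>1 2024-01-15T10:30:00.000Z app01 myapp 1234 LOGIN - user=alice result=success",
    "<158>Jan 15 10:30:00 app01 myapp[1234]: user=alice result=failure",
    "<158>myapp: service started",
    "2024-01-15 10:30:00 ERROR database connection lost",
    "<999>1 2024-01-15T10:30:00Z app01 myapp - - - bad pri",
]


def check_samples(lines=SAMPLE_LINES):
    """Check every line; returns one result dict per line, in order."""
    return [check_line(line) for line in lines]


if __name__ == "__main__":
    for line, r in zip(SAMPLE_LINES, check_samples()):
        print(f"{r['format']:10} pri={r['pri']} fac={r['facility']} "
              f"sev={r['severity']}  {line[:60]}")
        for issue in r["issues"]:
            print(f"    ! {issue}")
```

Only the first sample line passes cleanly: it is RFC 5424 with a year and a UTC offset, so the collector can place it on a timeline without guessing. The RFC 3164 and headerless lines are accepted by most collectors but get their year, timezone or whole timestamp filled in on arrival, which is exactly what produces the correlation problems described above.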
Contact kyra@seekerslab.com for support.