SecuI Firewall Integration
Overview
This integration collects firewall traffic, IPS, VPN, and admin activity logs from SecuI MF2 and BLUEMAX NGF devices. SecuI is widely deployed in Korean public sector and defense environments with CC certification and NIS validation.
Supported models: MF2 series, BLUEMAX NGF
Prerequisites
- A KYRA MDR Collector installed and running (Installation Guide)
- SecuI MF2 or BLUEMAX administrative access
- Network connectivity from the firewall to the collector on port 514
Configuration
Syslog Setup
- Log in to the SecuI management console
- Navigate to 관리 > 로그설정 > Syslog 서버 (Management > Log Settings > Syslog Server)
- Add a new syslog server with the following settings:
| Setting | Value |
|---|---|
| Server IP | Your KYRA Collector IP |
| Port | 514 |
| Protocol | TCP (recommended) or UDP |
- Select the log categories to forward (traffic, IPS, VPN, admin)
- Apply the configuration
Sample Log Format
SecuI uses a proprietary key-value format:
```
<14>date=2026-03-20 time=10:23:45 devname=MF2-3000 logid=0001 type=traffic subtype=forward action=accept srcip=192.168.1.10 dstip=8.8.8.8
```
Note: KYRA MDR includes a custom parser for the SecuI log format. No additional format conversion is needed.
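As an added example (not KYRA MDR's parser and not SecuI code), the following Python parses the key-value line shown above and tallies events by `type`, which helps confirm on the collector side which log categories are actually arriving. Quoted values, the required `date`/`time` fields, and the second and third sample lines are assumptions made for illustration.

```python
import re
from collections import Counter
from datetime import datetime

# Constructed input: the first line is the sample from this page; the
# other two are made up to exercise another category and a bad line.
SAMPLE_LINES = [
    "<14>date=2026-03-20 time=10:23:45 devname=MF2-3000 logid=0001 "
    "type=traffic subtype=forward action=accept srcip=192.168.1.10 dstip=8.8.8.8",
    '<12>date=2026-03-20 time=10:24:01 devname=MF2-3000 type=ips msg="constructed value"',
    "truncated line without a PRI header",
]

PRI_RE = re.compile(r"^<(\d{1,3})>")
# Bare values match the page's sample; quoted values are an assumption.
KV_RE = re.compile(r'(\w+)=(?:"([^"]*)"|(\S*))')
SEVERITIES = ("emerg", "alert", "crit", "err", "warning", "notice", "info", "debug")


def parse_line(line):
    """Return a dict for one syslog line, or raise ValueError if malformed."""
    m = PRI_RE.match(line)
    if not m or int(m.group(1)) > 191:
        raise ValueError("missing or invalid syslog PRI header")
    pri = int(m.group(1))
    # Syslog PRI = facility * 8 + severity
    event = {"facility": pri >> 3, "severity": SEVERITIES[pri & 7]}
    for key, quoted, bare in KV_RE.findall(line[m.end():]):
        event[key] = quoted or bare
    if "date" not in event or "time" not in event:
        raise ValueError("missing date/time fields")
    # strptime raises ValueError on a malformed timestamp
    event["timestamp"] = datetime.strptime(
        event["date"] + " " + event["time"], "%Y-%m-%d %H:%M:%S")
    return event


def count_by_type(lines):
    """Tally the 'type' field so missing log categories stand out."""
    counts, rejected = Counter(), 0
    for line in lines:
        try:
            counts[parse_line(line).get("type", "unknown")] += 1
        except ValueError:
            rejected += 1
    return counts, rejected


if __name__ == "__main__":
    print(parse_line(SAMPLE_LINES[0]))
    print(count_by_type(SAMPLE_LINES))
```

A category that was selected for forwarding but never appears in the tally, or a high rejected count, points at the forwarding configuration or at truncated messages rather than at the collector.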
Collected Log Types
| Log Type | Security Use | Priority |
|---|---|---|
| Firewall traffic | Network flow visibility, lateral movement detection | Critical |
| IPS events | Intrusion detection and attack signatures | High |
| VPN (IPSec) | Remote access monitoring | High |
| NAT logs | Address translation tracking | Medium |
| Admin activity | Configuration change auditing | High |
| Web Filter | Web access policy violations (UTM models) | Medium |
| Application Control | Application-level traffic control (BLUEMAX) | Medium |
Troubleshooting
No Logs Received
- Verify the syslog server IP matches your collector’s address
- Ensure no firewall rules block port 514 between the devices
- Confirm log forwarding is enabled in the SecuI management console
Partial Logs
- Ensure all desired log categories are selected in the syslog configuration
- Verify the minimum log severity level is set to include informational events
For additional help, contact kyra@seekerslab.com.