Problem:
I'm trying to set up syslog forwarding from PhishER (from KnowBe4) to SumoLogic. SumoLogic cloud syslog provides a token.
In PhishER, it asks me to provide the following:
- Client authentication certification (PEM format)
- Client authentication key (PEM format)
- CA certificate (PEM format)
How can we configure cloud syslog for the above?
Resolution:
There is no option to inject the token generated by SumoLogic into PhishER, so it is not possible to collect those syslog messages via a Cloud Syslog Source.
Having said that, you can configure an Installed Collector with a Syslog Source and send the logs through that method. To provide TLS, you will need an intermediary service to decrypt and forward the traffic to the Collector's Syslog Source, because we do not support TLS natively on that Syslog Source type.
Any certificates you need would be configured within that forwarding service, which means you will have full control over creating the certificates this integration is asking for.
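
One way to produce the certificates described above, as an added example that is not Sumo Logic's or KnowBe4's own procedure: it builds a private CA with openssl, issues a server certificate for the relay and a client certificate for PhishER, and writes an stunnel configuration that accepts only clients presenting a certificate from that CA. The choice of stunnel, the relay hostname, ports 6514 and 1514, the file names, and the mapping of PhishER's three fields to the client certificate, client key and CA certificate are assumptions.

```shell
#!/bin/sh
# Added example. Hostname, ports and file names are placeholders (assumptions).
set -eu
RELAY_HOST="${RELAY_HOST:-syslog-relay.example.com}"   # name PhishER connects to

# Create key + CSR and sign it. $1=dir $2=name $3=CN $4=X.509v3 extension lines.
issue() {
    openssl req -new -newkey rsa:2048 -nodes -subj "/CN=$3" \
        -keyout "$1/$2.key" -out "$1/$2.csr"
    chmod 600 "$1/$2.key"
    printf '%s\n' "$4" > "$1/$2.ext"
    if [ "$2" = ca ]; then   # the CA signs itself
        openssl x509 -req -in "$1/ca.csr" -signkey "$1/ca.key" -days 365 \
            -extfile "$1/ca.ext" -out "$1/ca.pem"
    else
        openssl x509 -req -in "$1/$2.csr" -CA "$1/ca.pem" -CAkey "$1/ca.key" \
            -CAcreateserial -days 365 -extfile "$1/$2.ext" -out "$1/$2.pem"
    fi
}

build_pki() {   # $1 = output directory
    issue "$1" ca "Syslog Relay Private CA" "basicConstraints=critical,CA:TRUE
keyUsage=critical,keyCertSign,cRLSign"
    issue "$1" relay "$RELAY_HOST" "extendedKeyUsage=serverAuth
subjectAltName=DNS:$RELAY_HOST"
    issue "$1" phisher-client "phisher-client" "extendedKeyUsage=clientAuth"
}

# stunnel terminates TLS, demands a client cert from our CA, forwards plaintext
# to the Collector's Syslog Source (assumed to listen on TCP 127.0.0.1:1514).
write_stunnel_conf() {   # $1 = directory holding the PEM files
    cat > "$1/stunnel.conf" <<EOF
[phisher-syslog]
accept = 6514
connect = 127.0.0.1:1514
cert = $1/relay.pem
key = $1/relay.key
CAfile = $1/ca.pem
verifyChain = yes
EOF
}

check_pki() {   # $1 = dir; succeeds only if each leaf chains to the CA for its role
    openssl verify -CAfile "$1/ca.pem" -purpose sslserver "$1/relay.pem" >/dev/null &&
    openssl verify -CAfile "$1/ca.pem" -purpose sslclient "$1/phisher-client.pem" >/dev/null
}

OUT="${OUT:-$(mktemp -d)}"
build_pki "$OUT"; write_stunnel_conf "$OUT"; check_pki "$OUT"
echo "For PhishER: $OUT/phisher-client.pem, $OUT/phisher-client.key, $OUT/ca.pem"
```

Keep `ca.key` and `relay.key` on the relay host only; PhishER needs just the three files printed on the last line.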