Streaming Reporting Data on Zenconsole

In addition to being stored locally, reporting data can be streamed to external systems for richer reporting and analytics. Examples of such systems include Zenarmor's recently implemented central reporting and third-party systems such as SIEM, SOAR, XDR, and NDR products. You can stream reporting data to your organization's central reporting database or to your external Elasticsearch and Syslog servers.

IMPORTANT NOTE

The Stream Reporting Data feature is not available in the Free and Home Editions. To use it, you must have either a SOHO or a Business Zenarmor subscription. For more information, see the plans & pricing.

Figure 1. Streaming Data Page

To access the Streaming Data page, follow the steps below.

  1. Select your firewall on Zenconsole.
  2. Click the Settings menu on the left-hand sidebar.
  3. Click the Streaming Data menu under Reporting & Data.

Streaming Reporting Data to Central Database

For SSE and higher editions, organization reporting data is streamed by default to the central reporting database hosted in the cloud. Zenarmor allows you to disable this feature and store your reporting data only locally.

You can enable or disable streaming of reporting data to the central database by following these steps.

  1. Go to the Streaming Data page on the Zenconsole UI.
  2. Switch the Streaming Reporting Data to your organization's central reporting database for consolidated reporting and analytics option on or off.

Enabling Streaming Data to Syslog

You can start streaming Zenarmor reporting data to your Syslog server by following these steps:

  1. Go to the Streaming Data page on the Zenconsole UI.
  2. Click the Stream Reporting Data to Syslog toggle bar. This opens the Stream Reporting Data to Syslog configuration pane.
  3. Enter the Syslog server IP address to be used for streaming data in the Syslog Server IP addresses field.
  4. Set the Syslog Server Port according to your Syslog server configuration. The default value is 514.
  5. Select the Syslog Server Protocol, TCP or UDP. The default option is UDP.
  6. Select the Indexes that you want to stream. The available streaming data options are listed below:
    • Connections
    • Web
    • DNS
    • TLS
    • Alerts
  7. Click the Save & Enable button to start streaming.

Figure 2. Enabling Stream Data to Syslog
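
On the collector side, UDP delivers one syslog message per datagram, but a TCP stream has to be split into messages before they can be parsed. The following Python code is an added example, not Zenarmor code: the page does not state which TCP framing or payload format is used, so it accepts both RFC 6587 framings, treats the message body as opaque, and assumes a 64 KiB size cap; the sample bytes are constructed.

```python
import re

PRI_RE = re.compile(rb"<(\d{1,3})>")
MAX_MSG = 64 * 1024  # assumed upper bound per message; tune for your collector


def decode_pri(msg: bytes):
    """Return (facility, severity, body), or None if the PRI header is missing or invalid."""
    m = PRI_RE.match(msg)
    if m is None or int(m.group(1)) > 191:  # PRI = facility * 8 + severity, max 23*8+7
        return None
    pri = int(m.group(1))
    return pri >> 3, pri & 7, msg[m.end():]


def split_tcp_stream(buf: bytes):
    """Split buffered TCP bytes into complete syslog frames.

    Accepts both RFC 6587 framings: octet-counting ("LEN SP MSG") and
    LF-terminated messages. Returns (frames, leftover_bytes).
    """
    frames = []
    while buf:
        if buf[:1].isdigit():  # octet-counting: decimal length, one space, message
            head, sep, rest = buf.partition(b" ")
            if not sep:
                if len(head) > 6 or not head.isdigit():
                    raise ValueError("malformed length prefix")
                break  # length prefix still arriving
            if not head.isdigit() or int(head) > MAX_MSG:
                raise ValueError("malformed or oversized length prefix")
            n = int(head)
            if len(rest) < n:
                break  # message body still arriving
            frames.append(rest[:n])
            buf = rest[n:]
        else:  # non-transparent framing: the message ends at LF
            line, sep, rest = buf.partition(b"\n")
            if not sep:
                if len(buf) > MAX_MSG:
                    raise ValueError("unterminated oversized message")
                break
            frames.append(line)
            buf = rest
    return frames, buf


# Constructed sample: two octet-counted frames, then an LF frame cut mid-message.
SAMPLE = b"13 <134>demo one13 <11>alert two<134>part"
```

Keep the leftover bytes and prepend them to the next `recv()` result; a `ValueError` means the connection is not speaking syslog and should be closed rather than buffered further.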

Here is a video that will guide you through the Zenarmor® integration with Wazuh SIEM using Syslog:

Changing Syslog Streaming Configuration

After you enable streaming data to your Syslog server, you can change its configuration by following these steps:

  1. Go to Stream Reporting Data to Syslog on the Streaming Data page.
  2. Change the Syslog streaming settings, such as IP address, port or protocol, depending on your server configuration.
  3. Click the Update button to activate the new settings.

Disabling Streaming Data to Syslog

You can stop streaming Zenarmor reporting data to your Syslog server by following these steps:

  1. Go to Stream Reporting Data to Syslog on the Streaming Data page.

  2. Click the Disable button to stop streaming data.

    Figure 3. Updating/Disabling Syslog Streaming Configuration

Enabling Streaming Data to External Elasticsearch

You can start streaming Zenarmor reporting data to your external Elasticsearch server by following these steps:

  1. Go to the Streaming Data page on the Zenconsole UI.

  2. Click the Stream Reporting Data to External Elasticsearch toggle bar. This opens the Stream Reporting Data to External Elasticsearch configuration pane.

  3. Fill in the External Elasticsearch URL field.

  4. Set the External Elasticsearch Username.

  5. Set the External Elasticsearch Password.

  6. Click the Save & Enable button to start streaming.

    Figure 4. Enabling Stream Data to External Elasticsearch

info

Remote Elasticsearch database support is compatible with Elasticsearch versions 8.9.x to 8.17.1.
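
Before saving the External Elasticsearch settings, it is worth checking the URL and the server version against the range above. The following Python code is an added example, not part of Zenarmor: `preflight` is a hypothetical helper that takes the URL you intend to enter and the JSON body returned by the Elasticsearch root endpoint (`GET /`), and the host name and response shown are constructed.

```python
import json
from urllib.parse import urlsplit

SUPPORTED_MIN = (8, 9, 0)   # lower bound of "8.9.x" from this page
SUPPORTED_MAX = (8, 17, 1)  # upper bound from this page


def parse_version(text: str):
    """Turn '8.12.2' (optionally with a '-suffix') into (8, 12, 2)."""
    parts = text.split("-")[0].split(".")
    if len(parts) != 3 or not all(p.isdigit() for p in parts):
        raise ValueError(f"unrecognized version: {text!r}")
    return tuple(int(p) for p in parts)


def preflight(url: str, root_response: str):
    """Return a list of problems; an empty list means the settings look usable."""
    problems = []
    u = urlsplit(url)
    if u.scheme != "https":
        problems.append("URL is not https: the username and password would cross the network without TLS")
    if u.username or u.password:
        problems.append("credentials embedded in the URL: use the Username and Password fields")
    if not u.hostname:
        problems.append("URL has no host")
    try:
        number = json.loads(root_response)["version"]["number"]
        if not SUPPORTED_MIN <= parse_version(number) <= SUPPORTED_MAX:
            problems.append(f"Elasticsearch {number} is outside the supported 8.9.x to 8.17.1 range")
    except (ValueError, KeyError, TypeError):
        problems.append("could not read version.number from the root endpoint response")
    return problems


# Constructed sample of what GET / returns (trimmed to the field used here).
SAMPLE_ROOT = '{"name": "es-demo", "version": {"number": "8.12.2"}}'
SAMPLE_URL = "https://es.example.internal:9200"  # constructed host name
```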

Changing External Elasticsearch Streaming Configuration

After you enable streaming data to your Elasticsearch server, you can change its configuration by following these steps:

  1. Go to Stream Reporting Data to External Elasticsearch on the Streaming Data page.
  2. Change the Elasticsearch streaming settings, such as URL, username or password, depending on your server configuration.
  3. Click the Update button to activate the new settings.

Disabling Streaming Data to External Elasticsearch

You can stop streaming Zenarmor reporting data to your Elasticsearch server by following these steps:

  1. Go to Stream Reporting Data to External Elasticsearch on the Streaming Data page.

  2. Click the Disable button to stop streaming data.

    Figure 5. Updating/Disabling External Elasticsearch Streaming Configuration