SFlow Integration with Logsign SIEM

SFlow data should be forwarded to port 6343 on the IP address of the Logsign Unified SecOps Platform.

Note: SFlow configuration varies by vendor.

1- Use the following command to confirm that the data reaches port 6343.

4.png

2- Use the following command to back up the logsign-flowd.conf file from its default location, /etc/init, to /home/iadmin.

5.png

3- Replace the logsign-sflowd.conf file under /opt/logsign-poller with the conf file inside /etc/init.

6.png

4- After these steps, use the following command to confirm that the data is forwarded to port 2056 on 127.0.0.1.

7.png

5- The SFlow integration can now be added by clicking the “+Device” button on the “Source List” tab of the Logsign Unified SecOps Platform.

8.png

6- Select SFlow as the integration type and enter the necessary information in the relevant fields. Then click the save button.

9.png
