How to configure IPS FireEye to send logs to CQ Server IP Address on port 5140 UDP
To configure IPS FireEye to send logs to the CYBERQUEST server, follow the steps below:
1) Log in to the FireEye NX Web UI with an admin account.
2) Navigate to Settings > Notifications.
3) Click rsyslog and check the Event type check box.
4) Make sure Rsyslog settings are:
- Default format: CEF
- Default delivery: Per event
- Default send as: Alert
5) Next to the Add Rsyslog Server button, type CYBERQUEST, then click the Add Rsyslog Server button.
6) Enter the CYBERQUEST server IP address in the IP Address field. (Use the public IP if the server is hosted in the cloud.)
7) Check the Enabled check box.
8) Select Per Event in the Delivery drop-down list.
9) Select All Events from the Notifications drop-down list.
10) Select CEF from the Format drop-down list.
11) Select UDP from the Protocol drop-down list. (Default port is 5140)
12) Click Update, then click the Test-Fire button to send test events to the CYBERQUEST server.
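UDP delivery gives no acknowledgement, so the appliance cannot tell whether the Test-Fire events from step 12 arrived. The following receiver-side check is an added example, not part of the original procedure or of either product: it listens on UDP 5140 for one datagram and parses the CEF header. The function names and the sample record are constructed for illustration; the vendor and product strings in the sample are placeholders, not real appliance output.

```python
import re
import socket

# CEF layout: CEF:Version|Vendor|Product|DeviceVersion|SignatureID|Name|Severity|Extension
FIELDS = ("cef_version", "vendor", "product", "device_version",
          "signature_id", "name", "severity")
PIPE = re.compile(r"(?<!\\)\|")  # header separator; "\|" is an escaped literal pipe
EXT = re.compile(r"(\w+)=((?:\\.|[^\\=])*?)(?=\s+\w+=|\s*$)")  # key=value pairs

def parse_cef(datagram: bytes) -> dict:
    """Parse one syslog datagram carrying a CEF record; raise ValueError if malformed."""
    text = datagram.decode("utf-8", errors="replace").strip()
    start = text.find("CEF:")
    if start < 0:
        raise ValueError("no CEF header found (is the format set to CEF?)")
    parts = PIPE.split(text[start + 4:], maxsplit=7)
    if len(parts) < 7:
        raise ValueError("CEF header has %d fields, expected 7" % len(parts))
    record = {k: v.replace("\\|", "|").replace("\\\\", "\\")
              for k, v in zip(FIELDS, parts)}
    extension = parts[7] if len(parts) > 7 else ""
    record["extension"] = {k: v.replace("\\=", "=") for k, v in EXT.findall(extension)}
    record["syslog_prefix"] = text[:start].strip()  # <PRI>, timestamp, hostname
    return record

def receive_one(bind_ip="0.0.0.0", port=5140, timeout=60.0) -> dict:
    """Wait for one datagram on the UDP port chosen in step 11 and parse it."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        sock.settimeout(timeout)  # socket.timeout here means nothing arrived
        sock.bind((bind_ip, port))
        data, (sender_ip, _) = sock.recvfrom(65535)
    record = parse_cef(data)
    record["sender"] = sender_ip  # should be the appliance's address
    return record

# Constructed sample datagram (placeholder values, not captured from an appliance).
SAMPLE = (b"<164>Jan  1 00:00:00 nx-sensor CEF:0|ExampleVendor|ExampleProduct|1.0|"
          b"TEST|test \\| event|5|src=10.0.0.5 dst=192.0.2.10 msg=test event from appliance")

if __name__ == "__main__":
    print(parse_cef(SAMPLE))
    print(receive_one())  # run this, then click Test-Fire on the appliance
```

Run the listener only where port 5140 is not already bound by the log collector, for example with the collector stopped or on a test host configured as a second Rsyslog server.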