All audit and traffic summaries are sent to syslog in JSON format by default. The default
configuration must be updated so that the events are exported in LEEF format.
Procedure
- Stop the PCE software so that changes to the PCE runtime_env.yml file can
  be made.
- Enable LEEF formatting by configuring the PCE runtime_env.yml parameter
  syslog_event_export_format:
  syslog_event_export_format: leef
- Export traffic summaries to Syslog by configuring the PCE runtime_env.yml
  parameter export_flow_summaries_to_syslog:
  export_flow_summaries_to_syslog:
  - accepted
  - potentially_blocked
  - blocked
Tip: By default, the PCE exports all audit events to Syslog. Therefore, no configuration
is required to enable exporting audit events.
Note: The export_flow_summaries_to_syslog parameter should be considered
experimental and the mechanism for configuring this feature might change in a future release.
- Type the ./illumio-pce-env check command to validate the syntax of the
  configuration file.
- Start the PCE software.
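
A pre-flight check for the two settings edited in this procedure, run before restarting the PCE. This is an added example, not part of the original page or of the PCE tooling: a minimal line-based reader (not a full YAML parser) that flags a missing space after the colon, a format other than leef, and flow decisions other than the three listed above. The function name check_leef_export and the sample text are assumptions constructed for illustration.

```python
import re

# The three policy decisions this page lists for export_flow_summaries_to_syslog.
PAGE_DECISIONS = {"accepted", "potentially_blocked", "blocked"}
KEY_RE = re.compile(r"^(syslog_event_export_format|export_flow_summaries_to_syslog)\s*:(.*)$")

def check_leef_export(text):
    """Return a list of problems in runtime_env.yml text; an empty list means OK."""
    problems, fmt, flows, in_list = [], None, None, False
    for n, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].rstrip()          # drop comments
        if not line.strip():
            continue
        item = re.match(r"^\s*-\s+(\S+)$", line)
        if in_list and item:                          # entry of the block list
            flows.append(item.group(1).strip("'\""))
            continue
        in_list = False
        m = KEY_RE.match(line)
        if not m:
            continue                                  # unrelated setting
        key, rest = m.groups()
        if rest and not rest[0].isspace():
            # "key:value" without a space is one YAML scalar, not a key/value pair
            problems.append(f"line {n}: add a space after ':' in {key}")
            continue
        value = rest.strip().strip("'\"")
        if key == "syslog_event_export_format":
            fmt = value
        else:
            flows = [v.strip() for v in value.strip("[]").split(",") if v.strip()]
            in_list = not value                       # a block list follows
    if fmt != "leef":
        problems.append(f"syslog_event_export_format is {fmt!r}, not 'leef'")
    if not flows:
        problems.append("export_flow_summaries_to_syslog lists no decisions")
    else:
        unknown = sorted(set(flows) - PAGE_DECISIONS)
        if unknown:
            problems.append(f"unlisted flow decisions: {unknown}")
    return problems

# Constructed sample inputs, not taken from a real PCE.
GOOD = ("syslog_event_export_format: leef\nexport_flow_summaries_to_syslog:\n"
        "- accepted\n- potentially_blocked\n- blocked\n")
BAD = "syslog_event_export_format:leef\nexport_flow_summaries_to_syslog:\n- acepted\n"

if __name__ == "__main__":
    for name, sample in (("GOOD", GOOD), ("BAD", BAD)):
        print(name, check_leef_export(sample))
```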