Configuring Illumio PCE to Export Events to Syslog

All audit and traffic summaries are sent to syslog in JSON format by default. The default configuration must be updated so that the events are exported in LEEF format.

Procedure

  1. Stop the PCE software so that changes to the PCE runtime_env.yml file can be made.
  2. Enable LEEF formatting by configuring the PCE runtime_env.yml parameter syslog_event_export_format:
    syslog_event_export_format: leef
  3. Export traffic summaries to Syslog by configuring the PCE runtime_env.yml parameter export_flow_summaries_to_syslog:
    export_flow_summaries_to_syslog:
    - accepted
    - potentially_blocked
    - blocked
    Tip: By default, the PCE exports all audit events to Syslog. Therefore, no configuration is required to enable exporting audit events.

    Note: The export_flow_summaries_to_syslog parameter should be considered experimental and the mechanism for configuring this feature might change in a future release.
  4. Type the ./illumio-pce-env check command to validate the syntax of the configuration file.
  5. Start the PCE software.
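
The two settings from steps 2 and 3 can be checked before the PCE is started. The script below is an added example, not part of the original procedure or an Illumio tool: check_leef_export is a hypothetical helper, the path to runtime_env.yml is passed in by the caller, and the sample file is constructed.

```shell
# check_leef_export FILE: hypothetical helper (not an Illumio tool) that verifies
# the two settings from steps 2 and 3. Handles block-style YAML lists only.
check_leef_export() {
    file=$1
    rc=0
    [ -r "$file" ] || { echo "cannot read $file" >&2; return 2; }

    # "key:leef" without a space after the colon is not a YAML key/value
    # pair, so require whitespace between the colon and the value.
    if ! grep -Eq '^syslog_event_export_format:[[:space:]]+leef[[:space:]]*$' "$file"; then
        echo "syslog_event_export_format is not set to leef" >&2
        rc=1
    fi

    # Collect the "- item" lines that directly follow the list key.
    items=$(awk '
        /^export_flow_summaries_to_syslog:[ \t]*$/ { in_list = 1; next }
        in_list && /^[ \t]*-[ \t]+/ {
            sub(/^[ \t]*-[ \t]+/, ""); sub(/[ \t]+$/, ""); print; next
        }
        in_list && /^[ \t]*(#.*)?$/ { next }
        in_list { in_list = 0 }
    ' "$file")

    [ -n "$items" ] || { echo "export_flow_summaries_to_syslog has no list entries" >&2; rc=1; }
    for item in $items; do
        case $item in
            accepted|potentially_blocked|blocked) ;;
            *) echo "unexpected flow summary type: $item" >&2; rc=1 ;;
        esac
    done
    return $rc
}

# Constructed sample file (not taken from a real PCE).
sample=$(mktemp)
printf '%s\n' 'syslog_event_export_format: leef' \
    'export_flow_summaries_to_syslog:' \
    '- accepted' '- potentially_blocked' '- blocked' > "$sample"
check_leef_export "$sample" && echo "LEEF export settings look correct"
rm -f "$sample"
```

This check covers only the two export parameters; the ./illumio-pce-env check command in step 4 still validates the syntax of the whole file.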

What to do next

Configure Syslog Forwarding