Create a syslog server object with the IP address, TCP port, or UDP port of the Secure Event Connector (SEC) you want to send events to. You would create one syslog object for every SEC that you have onboarded to your tenant but you would only send connection events from one rule to one syslog object representing one SEC.
- In the navigation bar, click Objects.
- Click the Create Object button .
- Select Syslog Server under FTD object types.
- Configure the syslog server object properties. To find these properties of the SEC, click the account menu and click Secure Connectors. Then select the Secure Event Connector you want to configure the syslog object for and look in the Details pane on the right.
- IP Address—Enter the IP address of the SEC.
- Protocol Type—Select TCP or UDP.
- Port Number—Enter port 10125 if you selected TCP or 10025 if you selected UDP.
- Select an interface—Select the management interface.
Note: FTD supports one syslog object per IP address so you will have to choose between using TCP and UDP.
- Click Add.
- Review and deploy now the changes you made, or wait and deploy multiple changes at once.