Syslog

Monitor machine and network activity for suspicious behavior

Request a DemoRead the Docs

Monitor Syslog data to gain complete security visibility into machine and network activity with Panther’s Syslog integration.

Syslog is a built-in Unix command-line utility that offers a standard way for quickly exchanging log information. Panther can collect, normalize, and monitor Syslog data to identify suspicious activity in real time. Your normalized data is then retained to power future security investigations in a serverless data lake powered by AWS or the cloud-native data platform, Snowflake.

Use Panther’s built in rules to monitor activity, or write your own detections in Python to fit your internal business use cases.

Use Cases

Common security use cases for Syslog with Panther include:

  • Monitor remote system access
  • Alert on sensitive sudo commands

How it Works

The integration is simple and fast:

  • Write your syslog data to Amazon S3 or SQS using tools such as Fluentd, Logstash, or Vector
  • Add your S3 Bucket or SQS Queue as a data source in Panther
  • Panther will parse, normalize, and analyze your log data in real-time
  • As detections are triggered, alerts are sent to your configured destinations
  • Normalized logs are retained in a data lake to power investigations with Panther’s Data Explorer (Enterprise only)

Learn more about Panther's supported log schema for Syslog.