Collect FireEye NX logs
=======================

Supported in: Google SecOps [SIEM](/chronicle/docs/secops/google-secops-siem-toc)

**Note:** This feature is covered by [Pre-GA Offerings Terms](https://chronicle.security/legal/service-terms/) of the Google Security Operations Service Specific Terms. Pre-GA features might have limited support, and changes to pre-GA features might not be compatible with other pre-GA versions. For more information, see the [Google SecOps Technical Support Service guidelines](https://chronicle.security/legal/technical-support-services-guidelines/) and the [Google SecOps Service Specific Terms](https://chronicle.security/legal/service-terms/).

This document describes how you can collect the FireEye Network Security and Forensics (NX) logs by using a Google Security Operations forwarder.

For more information, see [Data ingestion to Google SecOps overview](/chronicle/docs/data-ingestion-flow).

An ingestion label identifies the parser that normalizes raw log data to structured
UDM format. The information in this document applies to the parser with the
`FIREEYE_NX` ingestion label.

Configure FireEye NX
--------------------

1. Sign in to the FireEye NX interface.
2. Go to **Settings > Notifications**.
3. To enable a syslog notification configuration, select the **rsyslog** checkbox.
4. Click **Add rsyslog server**.
5. In the **Name** field, enter a name to label your FireEye connection to the Google SecOps instances.
6. In the **IP address** field, enter the Google SecOps forwarder IP address.
7. Select the **Enabled** checkbox.
8. In the **Delivery** list, select **Per event**.
9. In the **Notifications** list, select **All events**.
10. In the **Format** list, select **CEF**.
11. In the **Account** field, don't enter any information.
12. In the **Protocol** list, select the protocol.
13. Click **Add new rsyslog server**.

    **Note:** Ensure that you send syslog to the collector on a unique **UDP** or **TCP** port with port number **11583**.

Configure the Google SecOps forwarder to ingest FireEye NX logs
---------------------------------------------------------------

1. In the Google SecOps menu, select **Settings > Forwarders > Add new forwarder**.
2. In the **Forwarder name** field, enter a unique name for the forwarder.
3. Click **Submit**. The forwarder is added and the **Add collector configuration** window appears.
4. In the **Collector name** field, enter a unique name for the collector.
5. In the **Log type** field, specify `FireEye NX`.
6. Select **Syslog** as the **Collector type**.
7. Configure the following input parameters:
   - **Protocol**: specify the connection protocol that the collector uses to listen to syslog data.
   - **Address**: specify the target IP address or hostname where the collector resides and listens to syslog data.
   - **Port**: specify the target port where the collector resides and listens to syslog data.
8. Click **Submit**.

For more information about the Google SecOps forwarders, see [Manage forwarder configurations through the Google SecOps UI](/chronicle/docs/install/forwarder-management-configurations).

If you encounter issues when you create forwarders, contact [Google SecOps support](https://console.cloud.google.com/support).

Last updated: 2025-09-04 (UTC)