An ingestion label identifies the parser that normalizes raw log data to structured UDM format. The information in this document applies to the parser with the ILLUMIO_CORE ingestion label.
Create a log group

1. In the Policy Console Engine (PCE) web console menu, go to Settings > Event settings.
2. Click Add. The Event settings – add event forwarding window appears.
3. Click Add repository.
4. In the Add repository dialog that appears, do the following:
   1. In the Description field, enter a name for the syslog server.
   2. In the Address field, enter the IP address of the syslog server.
   3. In the Protocol list, select UDP or TCP as the protocol.
   4. In the Port field, enter the port number for the syslog server.
   5. In the TLS list, select Disabled.
   6. Click Ok.
5. In the Events dialog that appears, choose the events that you want to send to the syslog server.
6. Configure the event forwarding repository to specify the required events for forwarding.
7. Enable all options in Auditable events and Traffic events.
8. Click Save.

Configure the Google SecOps forwarder to ingest Illumio Core logs

1. In the Google SecOps menu, select Settings > Forwarders > Add new forwarder.
2. In the Forwarder name field, enter a unique name for the forwarder.
3. Click Submit. The forwarder is added and the Add collector configuration window appears.
4. In the Collector name field, enter a unique name for the collector.
5. In the Log type field, specify Illumio Core.
6. Select Syslog as the Collector type.
7. Configure the following input parameters:
   - Protocol: specify the connection protocol that the collector uses to listen for syslog data.
   - Address: specify the target IP address or hostname where the collector resides and listens for syslog data.
   - Port: specify the target port where the collector resides and listens for syslog data.
8. Click Submit.

For more information about the Google SecOps forwarders, see Manage forwarder configurations through the Google SecOps UI (/chronicle/docs/install/forwarder-management-configurations).

If you encounter issues when you create forwarders, contact Google SecOps support (https://console.cloud.google.com/support).

Note: TLS is not supported for this onboarding.

Last updated on 2025-09-04 UTC.
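
A transport check for the settings described above, as an added example that is not part of the original page: it sends one constructed syslog line to a collector's Address and Port over the chosen Protocol (UDP or TCP, without TLS, as this procedure configures). The function names, hostname and message text are assumptions; the payload is a placeholder, not a real Illumio Core event.

```python
import socket
from datetime import datetime, timezone

def build_test_frame(message, hostname="pce-test.example", app="fwd-check"):
    """Build an RFC 5424 syslog line (facility local0, severity info)."""
    pri = 16 * 8 + 6  # local0.info -> 134
    ts = datetime.now(timezone.utc).strftime("%Y-%m-%dT%H:%M:%SZ")
    return f"<{pri}>1 {ts} {hostname} {app} - - - {message}".encode("utf-8")

def send_test_frame(address, port, protocol, frame, timeout=3.0):
    """Send one frame with the Protocol, Address and Port set on the collector."""
    proto = protocol.upper()
    if proto == "UDP":
        # UDP gives no delivery feedback: confirm receipt on the collector side.
        with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
            s.sendto(frame, (address, port))
    elif proto == "TCP":
        # A refused or timed-out connect raises OSError: nothing listens there.
        with socket.create_connection((address, port), timeout=timeout) as s:
            s.sendall(frame + b"\n")  # newline-delimited framing
    else:
        raise ValueError("protocol must be UDP or TCP")

def loopback_check(protocol):
    """Stand in for the collector on 127.0.0.1 and return what it received."""
    kind = socket.SOCK_DGRAM if protocol.upper() == "UDP" else socket.SOCK_STREAM
    with socket.socket(socket.AF_INET, kind) as listener:
        listener.bind(("127.0.0.1", 0))  # port 0: the OS picks a free port
        listener.settimeout(3.0)
        if kind == socket.SOCK_STREAM:
            listener.listen(1)
        port = listener.getsockname()[1]
        frame = build_test_frame("constructed test message, not an Illumio event")
        send_test_frame("127.0.0.1", port, protocol, frame)
        if kind == socket.SOCK_DGRAM:
            data, _ = listener.recvfrom(4096)
            return data
        conn, _ = listener.accept()
        with conn:
            conn.settimeout(3.0)
            return conn.recv(4096)

if __name__ == "__main__":
    for proto in ("UDP", "TCP"):
        print(proto, loopback_check(proto).decode().rstrip())
```

Call send_test_frame with the collector's real address, port and protocol from a host that is allowed to reach it; for UDP, confirm arrival on the collector host, because the sender receives no acknowledgement.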