Access Gate generates three streams worth carrying off-box: security alerts, flow records from the monitoring port, and the audit trail of administrative actions. All three can be forwarded to your SIEM over syslog — the format every SIEM understands.
What Gets Exported
| Stream | Typical use | Volume |
|---|---|---|
| Alerts | Detection, incident response | Low — seconds between events |
| Audit trail | Compliance, access review | Low — per user action |
| Flow records | Network forensics, baselining | Medium — proportional to traffic |
You pick which streams to forward, so you can keep the alert feed tight while shipping flow records in bulk.
Syslog Destination
Access Gate sends events over syslog — UDP, TCP, or TCP/TLS. Most SIEMs accept this out of the box: Splunk, Elastic, QRadar, and Sentinel (via its syslog connector) all work without custom integration.
Configure a syslog destination
- Navigate to Settings → Log Export → Destinations.
- Click Add destination and pick Syslog.
- Enter the hostname/IP, port (514 for UDP/TCP, 6514 for TLS), and transport.
- Upload the SIEM's CA certificate if using TLS.
- Pick which streams to send to this destination (alerts, audit, flows).
- Save.
A test button emits a synthetic event so you can confirm it arrived on the SIEM side before relying on production signal.
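To see exactly what the test event looks like on the wire before pointing the destination at a production SIEM, a throwaway listener is enough. The sketch below is an added example, not Access Gate code: this page does not state which syslog framing or message format the product emits, so the receiver accepts both RFC 6587 framings (octet-counted and newline-terminated), and the names `deframe`, `parse_pri` and `serve` are illustrative.

```python
import re, socket, ssl

_OCTET = re.compile(rb"(\d{1,6}) ")   # RFC 6587 octet-counting prefix: "<len> "
_PRI = re.compile(rb"<(\d{1,3})>")    # syslog PRI header: "<facility*8+severity>"
SEVERITIES = ("emerg", "alert", "crit", "err", "warning", "notice", "info", "debug")

def deframe(buf: bytes):
    """Split a TCP/TLS byte stream into complete syslog messages.
    Returns (messages, remainder); prepend remainder to the next recv()."""
    msgs = []
    while buf:
        m = _OCTET.match(buf)
        if m:                                  # length prefix, then exactly n bytes
            n, start = int(m.group(1)), m.end()
            if len(buf) - start < n:
                break                          # frame incomplete, wait for more data
            msgs.append(buf[start:start + n])
            buf = buf[start + n:]
        else:                                  # LF-terminated (non-transparent) framing
            line, sep, rest = buf.partition(b"\n")
            if not sep:
                break
            if line:
                msgs.append(line)
            buf = rest
    return msgs, buf

def parse_pri(msg: bytes):
    """Return (facility, severity_name), or None if the PRI header is missing/invalid."""
    m = _PRI.match(msg)
    if not m or int(m.group(1)) > 191:
        return None
    pri = int(m.group(1))
    return pri >> 3, SEVERITIES[pri & 7]

def serve(port=6514, certfile=None, keyfile=None):
    """Accept one connection and print each message; uses TLS if a cert is given."""
    srv = socket.create_server(("0.0.0.0", port))
    if certfile:
        ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
        ctx.load_cert_chain(certfile, keyfile)
        srv = ctx.wrap_socket(srv, server_side=True)
    conn, peer = srv.accept()
    pending = b""
    while chunk := conn.recv(4096):
        msgs, pending = deframe(pending + chunk)
        for msg in msgs:
            print(peer[0], parse_pri(msg), msg.decode("utf-8", "replace"))

if __name__ == "__main__":
    serve()  # plain TCP; pass certfile/keyfile to exercise the TCP/TLS transport
```

For the TLS transport, the certificate passed to `serve` must chain to the CA uploaded in the destination settings, otherwise the sender should refuse the connection and no test event will appear.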
Related
- Detection and alerts — what populates the alert stream
- System logs and diagnostics information — on-box logs for troubleshooting
- Viewing enclave change history — what's in the audit stream