Configuring Syslog delivery over TCP with TLS


This article applies to:

  • MailMarshal SPE 4.3.4 and above
  • Syslog Configuration

Question:

  • What are the required actions to allow use of Syslog TCP with TLS?

Procedure:

SPE 4.3.4 introduced the ability to use TCP transport with TLS.

This feature has the following prerequisites and setup requirements:

Syslog Server Certificate

The client certificate configured in the Syslog server must be a CA signed certificate. Self signed certificates are not accepted.

MailMarshal Syslog setup

You must import a certificate in the MailMarshal Configurator (Trustwave SEG Properties > Syslog).

To make this page accessible you must first add Registry keys that are not generated in SPE installations:

  1. On the Array Manager, open Regedit.
  2. Navigate to HKEY_LOCAL_MACHINE\SOFTWARE\Trustwave\Secure Email Gateway\Default\Syslog
  3. Add the following keys (not values):
    • Message
    • Content
    • RejectedMessage
    • QuarantineAudit
  4. You can now view this dialog and use the certificate wizard to upload a certificate.
Once this information is entered and committed, use the SPE Management Interface to configure Syslog global and customer settings.

Last Modified 10/4/2023.
https://support.trustwave.com/kb/KnowledgebaseArticle21201.aspx