# Forescout

#### <span style="color: rgb(53, 152, 219);">Method 1: </span><span style="color: rgb(53, 152, 219);">Network logs forwarding</span>

The Network logs forwarding page ("Settings" > "System Settings" > "Network logs forwarding") allows users to enable and configure the forwarding of Network Logs to a third-party solution by means of syslog messages. The pages and configuration steps required to enable forwarding of Network Logs are exactly the same as those described for Alerts. The only difference lies in the semantics adopted when users un-tick the "always active" checkbox in the alert forwarding conditions but leave the conditions "tree" empty. For Alerts, this results in all alerts being forwarded, whereas for Network Logs, this results in no logs being forwarded. The rationale is that Alerts are important events that are generally desirable to forward to an analyst, whereas Network Logs are useful additional intelligence for context and threat hunting. This default behavior is chosen so that user mistakes in the configuration of eyeInspect do not impact their monitoring capabilities. Pre-set messages for CEF, LEEF and JSON (Splunk) are also available for Network Logs forwarding.
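To confirm on the receiving side that forwarded Network Logs actually arrive and parse when the CEF preset is selected, a small parser for CEF-over-syslog lines helps. This is an added example, not code from Forescout; the function names are hypothetical and the sample line is constructed, so its vendor, product and field values are placeholders rather than real eyeInspect output.

```python
import re

# CEF header fields, in order, after the "CEF:" marker.
HEADER_FIELDS = ("version", "vendor", "product", "device_version",
                 "signature_id", "name", "severity")
# An extension key starts the string or follows whitespace and ends at an unescaped '='.
_KEY = re.compile(r"(?:^|\s)([\w.\-]+)=")

def _unescape(value):
    r"""Resolve CEF extension escapes: \= \\ \n \r."""
    return re.sub(r"\\(.)", lambda m: {"n": "\n", "r": "\r"}.get(m.group(1), m.group(1)), value)

def _split_header(body):
    """Split on unescaped '|' into the 7 header fields and the raw extension text."""
    parts, cur, i = [], [], 0
    while i < len(body) and len(parts) < 7:
        if body[i] == "\\" and body[i + 1:i + 2] in ("|", "\\"):
            i += 1  # skip the backslash, keep the escaped character
            cur.append(body[i])
        elif body[i] == "|":
            parts.append("".join(cur))
            cur = []
        else:
            cur.append(body[i])
        i += 1
    if len(parts) == 6:  # header ends without a trailing '|' (no extension)
        parts.append("".join(cur))
    if len(parts) != 7:
        raise ValueError("truncated CEF header")
    return parts, body[i:]

def parse_cef(line):
    """Parse one syslog line carrying CEF; raise ValueError if it is not CEF."""
    start = line.find("CEF:")
    if start < 0:
        raise ValueError("no CEF marker")
    parts, ext = _split_header(line[start + 4:])
    record = dict(zip(HEADER_FIELDS, parts))
    hits = list(_KEY.finditer(ext))
    record["extension"] = {
        m.group(1): _unescape(ext[m.end():nxt.start() if nxt else len(ext)])
        for m, nxt in zip(hits, hits[1:] + [None])
    }
    return record

# Constructed sample: vendor, product and field values are placeholders, not eyeInspect output.
SAMPLE = ("<134>Jan 12 10:15:02 sensor01 CEF:0|ExampleVendor|ExampleProduct|1.0|"
          r"netlog-42|DNS query \| lookup|3|"
          r"src=10.0.0.5 dst=10.0.0.53 msg=query for a\=b.example.test proto=UDP")
```

Lines that raise `ValueError` are worth counting on the collector: a steady stream of them usually means the forwarder is set to a different preset (LEEF or JSON) than the receiver expects.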

<article aria-labelledby="t_network_cntrlr_102_h_configure_the_plugin_receiver_port__title__Toc536460205" class="topic task nested1" id="bkmrk-source%3A-https%3A%2F%2Fdocs"><span style="color: rgb(53, 152, 219);"><span style="color: rgb(0, 0, 0);">Source:</span> *[https://docs.forescout.com/bundle/eyeinspect-user-guide-v5-5-0/page/gitdoc-eyeinspect/eyeInspect/eyeInspect\_User\_Guide/network-logs-forwarding.html](https://docs.forescout.com/bundle/eyeinspect-user-guide-v5-5-0/page/gitdoc-eyeinspect/eyeInspect/eyeInspect_User_Guide/network-logs-forwarding.html)*</span>

#### <span style="color: rgb(53, 152, 219);">Configure the plugin receiver port</span>

<div class="body taskbody"><section class="section context">Configure the Syslog plugin port for receiving syslog events for each <span class="keyword">Forescout Platform</span> device configured as a syslog server (receiver of wireless events and/or switch events) in the management interface. Each device receives syslog events sent from managed, individual network devices.

To configure the port for receiving syslog events:

</section><section>1. <span class="ph cmd">Select <span class="ph menucascade"><span class="ph uicontrol">Tools</span><abbr title="and then"> &gt; </abbr><span class="ph uicontrol">Options</span></span>.</span>
2. <span class="ph cmd">From the Options pane, select <span class="ph uicontrol">Syslog</span>.</span>
3. <span class="ph cmd">Select the <span class="ph uicontrol">Receive From</span> tab and specify this information:</span><div class="itemgroup info"><dl class="dl" id="bkmrk-source-type-ip-addre"><dt class="dt dlterm">Source Type</dt><dd class="dd"></dd><dt class="dt dlterm">IP Address</dt><dd class="dd">Specify the syslog server IP address.</dd><dt class="dt dlterm">UDP Port</dt><dd class="dd">
    - Cisco Meraki: Specify the port number that you configured for the syslog server port in the Meraki Dashboard. Cisco Meraki only supports using UDP protocol for sending syslog events.
    - Ruckus SmartZone: Specify the port number and protocol that you configured for the syslog server in the Ruckus SmartZone Web GUI.
    - Arista CloudVision WiFi: Arista CloudVision WiFi only supports using port <kbd class="ph userinput">514</kbd> for sending syslog events.
    
    </dd><dt class="dt dlterm">TCP Port</dt><dd class="dd">Prisma Access: Specify port <kbd class="ph userinput">514</kbd>.</dd><dt class="dt dlterm">Use TLS</dt><dd class="dd">Optional. Select this checkbox to instruct <span class="keyword">Forescout Platform</span> to encrypt communication with the syslog sources. For required certificates when using "Receive From" syslog servers, refer to: [Certificate Management](https://docs.forescout.com/csh?context=certificate-management) in the Syslog Plugin Configuration Guide.</dd></dl></div>
4. <span class="ph cmd">Select <span class="ph menucascade"><span class="ph uicontrol">Apply</span><abbr title="and then"> &gt; </abbr><span class="ph uicontrol">Yes</span></span>.</span>
5. <span class="ph cmd">Repeat steps 4–8 for each device configured as a syslog server in the management interface.</span>

</section></div></article><article aria-labelledby="t_network_cntrlr_102_h_verify_the_plugin_is_running__title__Toc536460206" class="topic concept nested1" id="bkmrk-verify-the-plugin-is">

#### <span style="color: rgb(53, 152, 219);">Verify the plugin is running</span>

Verify that the Syslog plugin is running on all of the <span class="keyword">Forescout Platform</span> devices that are configured in the management interface as syslog servers (in the Console, select <span class="ph menucascade"><span class="ph uicontrol">Options</span><abbr title="and then"> &gt; </abbr><span class="ph uicontrol">Modules</span></span> and expand the <span class="ph uicontrol">Core Extensions</span> module entry).

If the plugin is not running in all of these <span class="keyword">Forescout Platform</span> devices, select <span class="ph menucascade"><span class="ph uicontrol">Syslog</span><abbr title="and then"> &gt; </abbr><span class="ph uicontrol">Start</span></span>.

Source: <span style="color: rgb(53, 152, 219);">*https://docs.forescout.com/bundle/network-cntrlr-1-2-8-h/page/c-syslog-plugin-configuration-p-d1e1407.html*</span>

</article>

#### <span style="color: rgb(53, 152, 219);">Method 2: Generate an API key for application integration</span>

<section class="section context" id="bkmrk-to-generate-an-api-k">To generate an API key for your custom application to query ingested log telemetry and other sources of data, complete the following procedure:

</section><section id="bkmrk-in-forescout-cloud-c">1. <span class="ph cmd">In Forescout Cloud Console, select **Integrations** under the **Administration** menu.</span>
2. <span class="ph cmd">Click the **Generate API Key** button next to the category of your application - **IoT/OT** or **SIEM**.</span> The **Generate API Key** configuration screen appears.
    
    <div class="itemgroup info">![](https://docs-be.forescout.com/bundle/forescout-cloud-administration-guide/page/gitdoc-global/_reusables_global/images/forescout_cloud_administration_guide_task_generating_a_query_service_api_key_api_key_management_march11_6951180.png?_LANG=enus)</div>
3. <span class="ph cmd">Select a time for the API key to expire or select "Never Expires".</span>
4. <span class="ph cmd">Select users to receive email notifications about the API key generation and expiry date.</span>
5. <span class="ph cmd">Click the **Generate** button and copy the API key that appears. This API key is unique and non-retrievable once the window is closed. Store the key in a secure location now; it will be needed by the application with which you are integrating.</span><div class="itemgroup info"><div class="note note note_note" id="bkmrk-when-generating-an-a"><div class="note__body">When generating an API key for <span class="ph uicontrol">Risk Sharing</span> applications, the configuration screen will display the API endpoint URL needed to communicate with the API.</div></div></div>

</section>

Source: *<span style="color: rgb(53, 152, 219);">https://docs.forescout.com/bundle/forescout-cloud-administration-guide/page/gitdoc-cloud/Cloud/forescout-cloud-administration-guide/generate\_an\_api\_key\_for\_application\_integration.html</span>*
