Iboss


Iboss is a cloud-based cybersecurity platform that provides secure web gateway (SWG), cloud firewall, and zero trust network access (ZTNA) capabilities. It helps organizations protect users and devices by routing internet-bound traffic through the Iboss cloud.

Integration Method: Data Collector (syslog)

Tables: HTTP Activity (4002)

This integration supports the following events.

Event: Web logs

Description: Captures user activity, provides visibility for monitoring, auditing and network traffic analysis.

This integration supports the following versions.

Data Collector API version: 0.6-82-f7fa18e

Prerequisites

  • The user should have a compatible version of the system in which the Data Collector is installed. For installation steps, please follow the steps mentioned here.

  • The user should have access to the DataBee console.

Configuration Overview

Iboss Cloud - Logs are sent from the Iboss cloud to DataBee

Data Collector - This host has the DataBee Data Collector installed. It receives logs from iboss and forwards the events to DataBee via HTTPS.

  1. Configure syslog on the Data Collector machine

  2. Configure syslog output on iboss cloud

  3. Configure Iboss feed in DataBee console

Configure syslog on Data Collector

In this configuration, logs are received from iboss on port 443. Rsyslog is configured to forward all of them to port 51441. Those logs are then sent to DataBee via HTTPS.

  1. Login to the Linux host machine.

  2. Edit rsyslog.conf as a super user. Run the command sudo nano /etc/rsyslog.conf with admin privileges.

  3. Enable the following highlighted TCP lines with the port that you want to expose to client machines for log forwarding. For example, port 443 is opened here for clients to forward logs.

  4. Add auth,authpriv.* @0.0.0.0:51441 at the end of the file to expose auth logs to port 51441. This port will be used for the Iboss feed configuration in the DataBee UI.

  5. Save and close the file.
     

  6. Run the following command to restart the syslog service: sudo service rsyslog restart
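
A lint for the rsyslog.conf edits in steps 3 and 4, as an added example that is not DataBee or iboss code: it checks that the imtcp listener is uncommented on the expected port and that the forwarding rule's transport matches the TCP mode selected for the feed in the DataBee configuration. In rsyslog's legacy forwarding syntax @host is UDP and @@host is TCP. The function names, the WARN/NOTE output and the sample file are constructed for illustration, and the check assumes the feed mode should match the rule's transport.

```sh
#!/bin/sh
# Added example (not vendor code): lint rsyslog.conf for the collector setup above.
# Defaults come from the page: listener 443/tcp, forward port 51441, feed mode tcp.

active() { grep -v '^[[:space:]]*#' "$1"; }   # drop commented-out lines

# TCP ports rsyslog listens on (RainerScript and legacy imtcp syntax).
listen_ports() {
  active "$1" | sed -n -E \
    -e 's/.*type="imtcp".*port="([0-9]+)".*/\1/p' \
    -e 's/^[[:space:]]*\$InputTCPServerRun[[:space:]]+([0-9]+).*/\1/p'
}

# "selector transport port" per legacy forwarding rule: @host = udp, @@host = tcp.
forward_rules() {
  active "$1" | sed -n -E \
    's/^[[:space:]]*([^[:space:]]+)[[:space:]]+(@@?)[^@:[:space:]]+:([0-9]+).*/\1 \2 \3/p' |
    sed -e 's/ @@ / tcp /' -e 's/ @ / udp /'
}

# check_config FILE [LISTEN_PORT FORWARD_PORT FEED_MODE]; prints findings, returns 1 on WARN.
check_config() {
  f=$1 lport=${2:-443} fport=${3:-51441} mode=${4:-tcp} bad=0
  active "$f" | grep -Eq 'load="imtcp"|^[[:space:]]*\$ModLoad[[:space:]]+imtcp' ||
    { echo "WARN imtcp module is not loaded (line still commented out?)"; bad=1; }
  listen_ports "$f" | grep -qx "$lport" ||
    { echo "WARN no active imtcp listener on port $lport"; bad=1; }
  rule=$(forward_rules "$f" | awk -v p="$fport" '$3 == p { print; exit }')
  if [ -z "$rule" ]; then
    echo "WARN no forwarding rule to port $fport"; bad=1
  else
    sel=${rule%% *} proto=$(echo "$rule" | awk '{ print $2 }')
    [ "$proto" = "$mode" ] ||
      { echo "WARN rule forwards over $proto but the feed mode is $mode"; bad=1; }
    [ "$sel" = "*.*" ] ||
      echo "NOTE selector '$sel' forwards only those facilities, not all received logs"
  fi
  return "$bad"
}

# Constructed sample: steps 3 and 4 applied literally (not a real host's file).
sample_conf() {
  printf '%s\n' 'module(load="imtcp")' 'input(type="imtcp" port="443")' \
    'auth,authpriv.* @0.0.0.0:51441'
}

# Stand-alone: sh lint.sh /etc/rsyslog.conf  (no argument: runs on the sample)
t=$(mktemp); sample_conf > "$t"; check_config "${1:-$t}" || true; rm -f "$t"
```

Running rsyslogd -N1 validates the file's syntax before the restart in step 6.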

Configure syslog on Iboss cloud

  1. Syslog log forwarding is configured within the iboss zero trust SASE admin console from the Integrations Marketplace.

  2. Add the Syslog log forwarding service and configure it. Refer to Iboss in product documentation for configuration details.

  3. The configuration is done based on the syslog configuration parameters.

  4. Choose the Service Type, Log Type, and Protocol Type based on configuration preference.
     

  5. Add the Host Name of the DataBee data collector which will be receiving the forwarded logs.
     

  6. Add the Port number that is exposed from the client system to listen for the forwarded logs.

  7. Choose the type of Log Format that needs to be forwarded based on configuration.


  8. Click on the Field Delimiter drop-down menu and choose the desired character for log delimiting.

  9. Select which log URL Fields can be forwarded, based on the fields required.


  10. After configuring all the parameters for the syslog integration, use Test Current Service Transmit Settings to test the connection between the server and the platform based on the settings.
     

  11. Click Add Service to confirm the addition of the new service instance to the platform.

DataBee Configuration

  1. Login to the DataBee UI, navigate to Data > Data Feeds and click the Add New Data Feed button.
     

  2. Search for Iboss and click it.
     

  3. Click Data Collector as the collection method.
     

  4. Click Syslog.

     

  5. Enter the feed contact information and select the Data Collector created in the previous step.

  6. Click Next.
     

  7. In the configuration page, confirm the following:

    • Select the mode as TCP from the dropdown.

    • Fill the port field with the port configured during the syslog configuration on the host machine.

    • Click Next.


  8. If you don’t want to filter logs based on syslog messages from hosts/clients, click Submit.

    • If you want to filter the messages, click Add.

    • You will see a filters dropdown with two options: Inclusion and Exclusion.

      1. Inclusion: Provide the keywords to apply to syslog messages; messages that match are processed in DataBee.

      2. Exclusion: Provide the keywords to apply to syslog messages; messages that match are not processed in DataBee.

    • Click Submit.
       

Troubleshooting Tips