Wirespeed can ingest Syslog logs from any source within your organization. Email addresses, IPs, and important dates are automatically identified and extracted. If you would like additional information extracted, please use the Chat button on the left-hand navigation and talk with our support team.
  1. Log in to Wirespeed and navigate to Integrations > Add Integration
  2. Select Generic Syslog and click Integrate
  3. After you have clicked Integrate, select Chat on the left-hand navigation and ask the support team for an ip:port combination to configure in your source application
  4. Events will begin showing up shortly

Understanding IP:Port

When you set up a syslog integration, Wirespeed provides you with an IP address and a port number (e.g., 203.0.113.10:12345). The IP address is the Wirespeed endpoint your devices will send logs to, and the port is how Wirespeed identifies which service or vendor the incoming logs belong to. You can think of each port as corresponding to a vendor or service. When logs arrive on a given port, Wirespeed knows which integration they belong to and displays them under the correct vendor name in the Events tab.

When do I need multiple ports?

Different vendors or services require separate ports. For example, if you have both a SonicWall firewall and a Cisco Meraki deployment, each would get its own ip:port so they appear as distinct vendors in Events. Multiple devices of the same vendor can typically share a single port. For example, if you have several FortiGate firewalls (active-active pairs, active-passive pairs, etc.) all sending FortiGate syslog, they can all target the same ip:port. The logs will appear under a single vendor entry in Events, and you can filter by device name, source IP, or other identifiers within the logs to distinguish between individual appliances.
If you have distinct groups of the same vendor that you’d like to track separately (e.g., firewalls in different regions), you can optionally request separate ports for each group. To do this, add another Generic Syslog integration via Integrations > Add Integration and request a new ip:port from the support team. Each additional integration gets its own port, giving you separate vendor entries in the Events tab for easier filtering. However, this is not required — a single port works fine as long as the logs contain identifiers like device name or IP address.
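
The following Python script is an added example, not Wirespeed's own code. It builds test messages from two appliances that share one ip:port, each identified by its own HOSTNAME field, and can send them to the endpoint you were given. The RFC 5424 format, the UDP transport, the `fortigate` app name and the device names are assumptions made for illustration; confirm the expected transport and format with the support team.

```python
import socket
import sys
from datetime import datetime, timezone

def rfc5424(hostname, app, msg, facility=16, severity=6, when=None):
    """Build one RFC 5424 line. HOSTNAME is the per-device identifier."""
    if not hostname or any(c <= " " or c > "~" for c in hostname):
        raise ValueError("HOSTNAME must be printable ASCII without spaces")
    when = when or datetime.now(timezone.utc)
    ts = when.astimezone(timezone.utc).strftime("%Y-%m-%dT%H:%M:%S.%f")[:-3] + "Z"
    pri = facility * 8 + severity  # local0.info -> 134
    # PROCID, MSGID and STRUCTURED-DATA are left as the nil value "-"
    return f"<{pri}>1 {ts} {hostname} {app} - - - {msg}"

def hostname_of(line):
    """Return the HOSTNAME field, the device name a shared port relies on."""
    return line.split(" ", 3)[2]

def send_udp(line, ip, port):
    """Send one message as a single UDP datagram (transport is an assumption)."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.sendto(line.encode("utf-8"), (ip, port))

# Constructed device names: two appliances of one vendor sharing one ip:port.
DEVICES = ["fw-east-01", "fw-west-01"]

if __name__ == "__main__":
    # Usage: python syslog_test.py <ip> <port>   (values supplied by support)
    lines = [rfc5424(d, "fortigate", "wirespeed connectivity test") for d in DEVICES]
    for line in lines:
        print(hostname_of(line), "->", line)
        if len(sys.argv) == 3:
            send_udp(line, sys.argv[1], int(sys.argv[2]))
```

Run without arguments, the script only prints the messages; with an ip and port it also sends them, after which both device names should be distinguishable under the single vendor entry in Events.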