SIEM Log Forwarding

VaultStream supports real-time event streaming to Security Information and Event Management (SIEM) platforms.

Supported Formats

Format               Transport          Use Case
Syslog (RFC 5424)    TCP/TLS            Splunk, ArcSight, QRadar
JSON Lines           HTTPS (webhook)    Sumo Logic, Datadog
CEF                  Syslog             ArcSight, Micro Focus

Configuration

  1. Navigate to Settings → SIEM in the Partner Portal
  2. Select your SIEM platform and format
  3. Provide the endpoint URL or syslog server address
  4. Choose event categories to forward
  5. Test the connection
  6. Enable forwarding
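
When testing the connection (step 5), it helps to confirm on the receiving side that lines arrive in the format selected in step 2. The following is an added example, not VaultStream code: a small classifier for the three formats listed above, run over constructed sample lines. Host names, vendor strings and event fields are hypothetical, and the CEF sample assumes a BSD-style syslog prefix in front of the CEF header.

```python
import json
import re

# RFC 5424 header: <PRI>VERSION TIMESTAMP HOSTNAME APP-NAME PROCID MSGID ...
RFC5424 = re.compile(r"^<(\d{1,3})>(\d{1,2}) (\S+) (\S+) (\S+) (\S+) (\S+) (.*)$", re.S)
# CEF header fields are pipe-delimited; a literal pipe inside a field is written \|
CEF_PIPE = re.compile(r"(?<!\\)\|")
CEF_KEYS = ("cef_version", "vendor", "product", "device_version",
            "signature_id", "name", "severity")

# Constructed sample lines; hosts, vendor names and fields are hypothetical.
SAMPLES = [
    "<86>1 2024-01-15T10:22:31Z collector-test exampleapp 4121 AUTH - login failed",
    '{"category": "authentication", "action": "login_failed", "user": "alice"}',
    "<134>Jan 15 10:22:31 collector-test "
    "CEF:0|ExampleVendor|ExampleProduct|1.0|100|Role changed admin\\|owner|5|suser=alice",
]


def parse_cef(text):
    """Split the seven CEF header fields and keep the extension as one string."""
    parts = CEF_PIPE.split(text[len("CEF:"):], 7)
    if len(parts) < 7:
        raise ValueError("CEF header needs 7 pipe-delimited fields")
    fields = dict(zip(CEF_KEYS, (p.replace("\\|", "|") for p in parts[:7])))
    fields["extension"] = parts[7] if len(parts) > 7 else ""
    return fields


def classify(line):
    """Return (format, fields) for one received line; ValueError if unrecognized."""
    line = line.strip()
    if line.startswith("{"):
        return "jsonl", json.loads(line)  # malformed JSON raises ValueError
    idx = line.find("CEF:")
    if idx != -1:  # CEF rides inside a syslog line, so look past the prefix
        return "cef", parse_cef(line[idx:])
    m = RFC5424.match(line)
    if m is None:
        raise ValueError("not JSON Lines, CEF or RFC 5424")
    pri = int(m.group(1))
    if pri > 191:
        raise ValueError("PRI out of range")
    return "rfc5424", {"facility": pri >> 3, "severity": pri & 7, "timestamp": m.group(3),
                       "host": m.group(4), "app": m.group(5), "msgid": m.group(7)}


if __name__ == "__main__":
    for sample in SAMPLES:
        print(classify(sample))
```

Lines that raise ValueError during the test are worth inspecting before enabling forwarding, since they indicate a format or transport mismatch with what the SIEM parser expects.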

Event Categories

Category                  Recommended
Authentication events     Always
Administrative actions    Always
Content operations        Recommended
Playback events           Optional (high volume)
System health             Recommended

Rate & Volume

Typical event volume: 500–5,000 events/hour per 1,000 active viewers, depending on category selection.

Contact your solutions architect for a volume estimate for your deployment.