Shipping logs to SIEM systems
DX Cloud supports seamless integration with Security Information and Event Management (SIEM) systems to help organizations monitor and analyze security events. This page provides an overview of the logs shipped to SIEM systems, the method used for shipping, compatible SIEM platforms, and the frequency of log delivery.
For detailed log descriptions, see Cockpit Logs.
DX Cloud can forward the following log types to your SIEM system:
- Core Magnolia: Logs from the Magnolia application, including content management activities, user actions, and system events (e.g., login attempts, content publishing).
- Ingress: Logs related to incoming traffic to your Magnolia instance, capturing details about HTTP requests and routing.
- Fastly CDN: Logs from Fastly’s Content Delivery Network, including request details, caching behavior, and performance metrics.
- Web Application Firewall (WAF): Security logs from the WAF, such as blocked requests, detected threats, and rule violations.
- Kubernetes (K8s): Logs from the Kubernetes cluster hosting DX Cloud, covering pod events, container activities, and orchestration details.
How logs are shipped
DX Cloud uses FluentBit, a lightweight and high-performance log processor, to collect, process, and forward logs to your SIEM system. FluentBit is configured to aggregate logs from all Magnolia components and deliver them in a format compatible with your SIEM.
Using FluentBit for SIEM integration incurs additional costs due to licensing, configuration, and infrastructure requirements. Contact your Magnolia account manager for pricing details. For technical details on FluentBit configuration, refer to FluentBit’s official documentation.
Compatible external SIEM systems
DX Cloud integrates with virtually any SIEM system that supports the log formats and protocols provided by FluentBit. Common formats include JSON, Syslog (RFC 5424), and others, which are compatible with leading SIEM platforms such as:
- Splunk
- IBM QRadar
- Microsoft Sentinel
- Sumo Logic
- Datadog
For a complete list of supported output formats and destinations, see the FluentBit output plugins list. To confirm compatibility with your specific SIEM, consult with your Magnolia implementation team during setup.
Log shipping frequency
DX Cloud ships logs to your SIEM system in near real-time, with FluentBit configured to forward logs as they are generated, typically within seconds. However, depending on your configuration, logs can be buffered and sent in batches (e.g., every 1 to 5 minutes) to optimize performance and reduce overhead. The exact frequency can be customized during setup to meet your organization’s needs.
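Because delivery may be batched for up to 5 minutes, a SIEM-side check for a log source that has stopped arriving has to allow for that window before alerting. The following sketch is an added example, not DX Cloud or Magnolia code: it reads records in JSON or Syslog (RFC 5424) form and reports which of the five log types above are overdue. The JSON keys `source` and `timestamp`, the short source tags, the use of the syslog APP-NAME field as the source tag, and the 2-minute grace period are all assumptions.

```python
import json
import re
from datetime import datetime, timedelta, timezone

# The five log types listed on this page; the short tags are assumed labels.
SOURCES = ("magnolia", "ingress", "fastly", "waf", "k8s")
# RFC 5424 header: <PRI>1 TIMESTAMP HOSTNAME APP-NAME PROCID MSGID ...
RFC5424 = re.compile(r"^<\d{1,3}>1 (\S+) \S+ (\S+) \S+ \S+ ")

# Constructed sample records, not real DX Cloud output.
SAMPLE = [
    '{"source": "magnolia", "timestamp": "2024-05-01T12:00:03Z", "message": "login attempt"}',
    '{"source": "waf", "timestamp": "2024-05-01T11:48:10Z", "message": "request blocked"}',
    "<134>1 2024-05-01T11:59:40Z edge-1 fastly 101 - - cache HIT",
    "<134>1 2024-05-01T11:58:55Z node-2 ingress 77 - - GET /",
    "not a log line",
]
NOW = datetime(2024, 5, 1, 12, 1, 0, tzinfo=timezone.utc)

def parse_record(line):
    """Return (source, event_time) for a JSON or RFC 5424 record, else None."""
    line = line.strip()
    try:
        if line.startswith("{"):
            rec = json.loads(line)
            source, ts = rec["source"], rec["timestamp"]  # assumed key names
        else:
            m = RFC5424.match(line)  # None (no match) raises AttributeError below
            ts, source = m.group(1), m.group(2)  # APP-NAME as source tag (assumed)
        when = datetime.fromisoformat(ts.replace("Z", "+00:00"))
    except (ValueError, KeyError, TypeError, AttributeError):
        return None
    if when.tzinfo is None:
        when = when.replace(tzinfo=timezone.utc)  # treat naive stamps as UTC
    return source, when

def silent_sources(lines, now, window=timedelta(minutes=5), grace=timedelta(minutes=2)):
    """Map each overdue expected source to its silence (None = never seen)."""
    last_seen = {}
    for parsed in map(parse_record, lines):
        if parsed and parsed[0] in SOURCES:
            source, when = parsed
            last_seen[source] = max(when, last_seen.get(source, when))
    report = {}
    for source in SOURCES:
        seen = last_seen.get(source)
        if seen is None or now - seen > window + grace:
            report[source] = None if seen is None else now - seen
    return report
```

Set `window` to the batch interval agreed during setup; a source that is reported here while the others keep arriving points to a shipping or collection gap rather than a quiet period.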