# FireEye

## FireEye 

To Forward Fireeye Logs  

1. Log in to the FireEye appliance by using the CLI. 
2. To activate configuration mode, type the following commands: 

`enable` 

`configure terminal` 

1. To enable rsyslog notifications, type the following command: 

`fenotify rsyslog enable` 

1. To add BluSapphire Log Collector as a rsyslog notification consumer, type the following command: 

`fenotify rsyslog trap-sink blus` 

1. To specify the IP address for the “Log Collector” system that you want to receive rsyslog trap-sink notifications, type the following command: 

`fenotify rsyslog trap-sink blus address <Log Collector_IP_address>`&#x20;

1. To define the rsyslog event format, type the following command:&#x20;

`fenotify rsyslog trap-sink blus prefer message format cef`&#x20;

1. To save the configuration changes to the FireEye appliance, type the following command:&#x20;

`write memory`&#x20;

###