---
title: Forescout
description: Gain insights into Forescout logs
---

# Forescout

**Integration version:** 1.0.0

## Overview{% #overview %}

[Forescout](https://www.forescout.com/) is a security appliance designed to dynamically detect and assess network endpoints and applications as they connect. It enforces control policies, provides remediation, and continuously monitors devices to ensure security and compliance across the network.

Integrate Forescout with Datadog's pre-built dashboard visualizations to gain insights into NAC Policy, Threat Protection, System Logs, and User Operations logs. With Datadog's built-in log pipeline, you can parse and enrich these logs to facilitate easy search and detailed insights. The integration can also be used for Cloud SIEM detection rules for enhanced monitoring and security.

**Minimum Agent version:** 7.73.0

## Setup{% #setup %}

### Prerequisites{% #prerequisites %}

- The `Syslog` plugin must be installed in your Forescout setup.

### Configuration{% #configuration %}

#### Log Collection{% #log-collection %}

1. Collecting logs is disabled by default in the Datadog Agent. Enable it in the `datadog.yaml` file with:

   ```yaml
   logs_enabled: true
   ```

1. Add this configuration block to your `forescout.d/conf.yaml` file to start collecting your Forescout logs:

   ```yaml
   logs:
     - type: tcp # or 'udp'
       port: <PORT>
       source: forescout
       service: forescout
   ```

See the sample configuration file ([forescout.d/conf.yaml](https://github.com/DataDog/integrations-core/blob/master/forescout/datadog_checks/iboss/data/conf.yaml.example)) for available options.

**Note**: Do not change the `source` and `service` values, as these parameters are integral to the pipeline's operation.

[Restart the Agent](https://docs.datadoghq.com/agent/guide/agent-commands/#start-stop-and-restart-the-agent).

#### Configure timezone in Forescout{% #configure-timezone-in-forescout %}

Follow these steps if the Forescout appliance is not in the GMT timezone.

1. Log in to the Forescout CounterACT appliance using root access via the command shell.
1. Run the timezone configuration command:
   ```sh
   fstool tz
   ```
1. Follow the setup prompts and configure the options as needed:
   ```text
   Select different time-zone? (yes/no): yes
   Choice (1-2) [1]: 2
   Enter the GMT offset (number between -14 and 12): 0
   Confirm Set time-zone to GMT? (yes/no) [yes]: yes
   
   Reboot is required to fully apply the time-zone change.
   Reboot now: yes
   ```

#### Configure syslog message forwarding from Forescout{% #configure-syslog-message-forwarding-from-forescout %}

1. Log in to the Forescout Console.
1. Navigate to **Tools > Options**.
1. Click **Syslog** from the options list.
1. Go to the **Send Events To** section and click **Add**.
1. Enter the following syslog configuration details:
   - **Server Address**: Enter the IP address or hostname of the syslog server.
   - **Server Port**: Specify the port number on which the syslog server is listening.
   - **Server Protocol**: Select the protocol (UDP or TCP) to send the syslog messages.
   - **Identity**: Set this to `forescout-syslog`.
   - **Facility**: Set this to `syslog`.
   - **Severity**: Set this to `info`.
1. Click **OK**.
1. Go to the **Syslog Triggers** tab and configure the following:
   - Ensure the **Include only messages generated by the "Send Message to Syslog" action** checkbox is deselected.
   - In the **Select format type for system log events and user operations** dropdown, select **Short**.
   - Under **NAC Events**, **Threat Protection**, **System Logs and Events**, and **User Operations**, include all the event types.
1. Click **Apply**.

**Note**: The `Server Port` value must match the port configured in the `Log Collection` section.

### Validation{% #validation %}

[Run the Agent's status subcommand](https://docs.datadoghq.com/agent/guide/agent-commands/#agent-status-and-information) and look for `forescout` under the Logs Agent section.
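
If `forescout` is listed but no logs arrive, you can test the listener independently of the appliance. The script below is an added example, not part of Datadog's or Forescout's tooling: it sends one constructed test line to the Agent's port and checks captured lines against the **Send Events To** settings above. It assumes the appliance encodes facility and severity in a standard syslog `<PRI>` header; the host and port in `__main__` are placeholders.

```python
import re
import socket

# Values from the "Send Events To" settings on this page.
IDENTITY = "forescout-syslog"
FACILITY = 5   # "syslog" facility code per RFC 3164/5424
SEVERITY = 6   # "info" severity code
LINE_RE = re.compile(r"^<(\d{1,3})>(.*)$")  # assumption: line starts with <PRI>


def expected_pri():
    """PRI = facility * 8 + severity."""
    return FACILITY * 8 + SEVERITY


def build_test_line(msg="datadog listener test (constructed)"):
    """Constructed test line; it does not imitate the appliance's real payload."""
    return f"<{expected_pri()}>{IDENTITY}: {msg}"


def check_line(line):
    """Return mismatches between a captured line and the documented settings."""
    m = LINE_RE.match(line.strip())
    if not m:
        return ["no <PRI> header found"]
    pri, rest = int(m.group(1)), m.group(2)
    problems = []
    if pri // 8 != FACILITY:
        problems.append(f"facility code {pri // 8}, expected {FACILITY} (syslog)")
    if pri % 8 != SEVERITY:
        problems.append(f"severity code {pri % 8}, expected {SEVERITY} (info)")
    if IDENTITY not in rest:
        problems.append(f"identity {IDENTITY!r} not present")
    return problems


def send_test_line(host, port, protocol="tcp", timeout=3.0):
    """Send one newline-terminated test line; returns the bytes sent."""
    data = (build_test_line() + "\n").encode()
    if protocol == "udp":
        with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
            s.sendto(data, (host, port))
    else:
        with socket.create_connection((host, port), timeout=timeout) as s:
            s.sendall(data)
    return data


if __name__ == "__main__":
    # Placeholders: use the Agent host and the <PORT> from forescout.d/conf.yaml.
    send_test_line("127.0.0.1", 10514, "tcp")
```
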

## Data Collected{% #data-collected %}

### Logs{% #logs %}

The Forescout integration collects `NAC Policy`, `Threat Protection`, `System`, and `User Operations` logs.

### Metrics{% #metrics %}

The Forescout integration does not include any metrics.

### Events{% #events %}

The Forescout integration does not include any events.

## Troubleshooting{% #troubleshooting %}

Need help? Contact [Datadog support](https://docs.datadoghq.com/help/).
