From 253fab4d8276de008ab963e7ea4704189bb0d5bf Mon Sep 17 00:00:00 2001 From: Gayle Davidson <58708089+gdvdsn-contrast@users.noreply.github.com> Date: Mon, 30 Mar 2020 13:12:31 -0500 Subject: [PATCH 1/7] UX 233 secure syslog updates Updates for new secure syslog protocols. --- content/admin/org_settings/ServerDefaults.md | 14 +++++++++----- 1 file changed, 9 insertions(+), 5 deletions(-) diff --git a/content/admin/org_settings/ServerDefaults.md b/content/admin/org_settings/ServerDefaults.md index 6f083020..3230ec5d 100644 --- a/content/admin/org_settings/ServerDefaults.md +++ b/content/admin/org_settings/ServerDefaults.md @@ -66,11 +66,15 @@ Go to the **User menu > Organization Settings > Servers tab** to start setting u * Check the box to **Enable bot blocking**. * Check the box to **Enable output of Protect events to Syslog**. - * Enter the **IP Address** and **Port** in the given fields. Use the dropdown menu to chose the **Facility**. - * Click on the event severity badges, and use the dropdown menu to choose a message **Severity** level for each one. The defaults are: - * **1 - Alert** for Exploited - * **4 - Warning** for Blocked - * **5 - Notice** for Probed + * Enter the **Syslog Server Host**. + * Use the dropdown menu to choose the **Protocol**. Options include **UDP**, **TCP**, and **TCP + TLS**. + * Enter the **Port**. + * Use the dropdown menu to chose the **Facility**. + * Use the dropdown menus to choose the **Syslog Message Severity** level for each attack event result. The defaults are: + * **1 - Alert** for Exploited + * **2 - Critical** for Suspicious + * **3 - Warning** for Blocked + * **4 - Warning** for Blocked (P) From 2d7f6a10d09359e74808fa0fbe52c30fe2f64996 Mon Sep 17 00:00:00 2001 From: Gayle Davidson <58708089+gdvdsn-contrast@users.noreply.github.com> Date: Mon, 30 Mar 2020 15:57:22 -0500 Subject: [PATCH 2/7] orgsettings update --- content/admin/org_settings/ServerDefaults.md | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) 
diff --git a/content/admin/org_settings/ServerDefaults.md b/content/admin/org_settings/ServerDefaults.md index 3230ec5d..c4da8a34 100644 --- a/content/admin/org_settings/ServerDefaults.md +++ b/content/admin/org_settings/ServerDefaults.md @@ -72,11 +72,11 @@ Go to the **User menu > Organization Settings > Servers tab** to start setting u * Use the dropdown menu to chose the **Facility**. * Use the dropdown menus to choose the **Syslog Message Severity** level for each attack event result. The defaults are: * **1 - Alert** for Exploited - * **2 - Critical** for Suspicious - * **3 - Warning** for Blocked - * **4 - Warning** for Blocked (P) - - + * **2 - Warning** for Suspicious + * **4 - Warning** for Probed + * **4 - Warning** for Probed (P) + * **5 - Notice** for Blocked + * **5 - Notice** for Blocked (P) * Check the box to **Automatically apply Protect licenses to new servers**. From 90c343a89d5c2d9ef61565acf8626000c3f6309a Mon Sep 17 00:00:00 2001 From: Gayle Davidson <58708089+gdvdsn-contrast@users.noreply.github.com> Date: Mon, 30 Mar 2020 15:59:57 -0500 Subject: [PATCH 3/7] Update OutputtoSyslog.md --- content/user/servers/OutputtoSyslog.md | 16 +++++++++++++++- 1 file changed, 15 insertions(+), 1 deletion(-) diff --git a/content/user/servers/OutputtoSyslog.md b/content/user/servers/OutputtoSyslog.md index 5d983e10..6050a500 100644 --- a/content/user/servers/OutputtoSyslog.md +++ b/content/user/servers/OutputtoSyslog.md 
@@ -26,7 +26,21 @@ To enable Syslog on an individual server, hover over the grid row, and select th -In the **Server Settings** dialog, check the box to **Enable output of Protect events to Syslog**. If Syslog defaults have been set for the server environment in **Organization Settings**, the values are prepopulated in the fields that appear. Once you save the settings, Syslog is enabled on the server. +In the **Server Settings** dialog, check the box to **Enable output of Protect events to Syslog**. Complete the following steps to configure output. + +1. Enter the **Syslog Server Host**. +2. Use the dropdown menu to choose the **Protocol**. Options include **UDP**, **TCP**, and **TCP + TLS**. +3. Enter the **Port**. +4. Use the dropdown menu to chose the **Facility**. +5. Use the dropdown menus to choose the **Syslog Message Severity** level for each attack event result. The defaults are: + * **1 - Alert** for Exploited + * **2 - Warning** for Suspicious + * **4 - Warning** for Probed + * **4 - Warning** for Probed (P) + * **5 - Notice** for Blocked + * **5 - Notice** for Blocked (P) + +If Syslog defaults have been set for the server environment in **Organization Settings** at the time of server creation, then the values are prepopulated in the fields that appear. Once you save the settings, Syslog is enabled on the server. ### Multiple servers From c88e6158983819fd2cf4d8b09f43ba4a236837ac Mon Sep 17 00:00:00 2001 From: Gayle Davidson <58708089+gdvdsn-contrast@users.noreply.github.com> Date: Tue, 31 Mar 2020 11:33:23 -0500 Subject: [PATCH 4/7] Update ServerDefaults.md --- content/admin/org_settings/ServerDefaults.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/content/admin/org_settings/ServerDefaults.md b/content/admin/org_settings/ServerDefaults.md index c4da8a34..688c5b7f 100644 --- a/content/admin/org_settings/ServerDefaults.md +++ b/content/admin/org_settings/ServerDefaults.md 
@@ -69,7 +69,7 @@ Go to the **User menu > Organization Settings > Servers tab** to start setting u * Enter the **Syslog Server Host**. * Use the dropdown menu to choose the **Protocol**. Options include **UDP**, **TCP**, and **TCP + TLS**. * Enter the **Port**. - * Use the dropdown menu to chose the **Facility**. + * Use the dropdown menu to choose the **Facility**. * Use the dropdown menus to choose the **Syslog Message Severity** level for each attack event result. The defaults are: * **1 - Alert** for Exploited * **2 - Warning** for Suspicious From 579240192831e99864f358ff5f039b5f2d7b0a5f Mon Sep 17 00:00:00 2001 From: Gayle Davidson <58708089+gdvdsn-contrast@users.noreply.github.com> Date: Tue, 31 Mar 2020 11:33:39 -0500 Subject: [PATCH 5/7] Update OutputtoSyslog.md --- content/user/servers/OutputtoSyslog.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/content/user/servers/OutputtoSyslog.md b/content/user/servers/OutputtoSyslog.md index 6050a500..a4fdb76b 100644 --- a/content/user/servers/OutputtoSyslog.md +++ b/content/user/servers/OutputtoSyslog.md @@ -31,7 +31,7 @@ In the **Server Settings** dialog, check the box to **Enable output of Protect e 1. Enter the **Syslog Server Host**. 2. Use the dropdown menu to choose the **Protocol**. Options include **UDP**, **TCP**, and **TCP + TLS**. 3. Enter the **Port**. -4. Use the dropdown menu to chose the **Facility**. +4. Use the dropdown menu to choose the **Facility**. 5. Use the dropdown menus to choose the **Syslog Message Severity** level for each attack event result. The defaults are: * **1 - Alert** for Exploited * **2 - Warning** for Suspicious From 8ff88c6ebb2d6b155997190d56d30721d97b0f60 Mon Sep 17 00:00:00 2001 From: Gayle Davidson <58708089+gdvdsn-contrast@users.noreply.github.com> Date: Fri, 3 Apr 2020 15:10:46 -0500 Subject: [PATCH 6/7] Update ServerDefaults.md --- content/admin/org_settings/ServerDefaults.md | 1 - 1 file changed, 1 deletion(-) 
diff --git a/content/admin/org_settings/ServerDefaults.md b/content/admin/org_settings/ServerDefaults.md index 688c5b7f..743a7916 100644 --- a/content/admin/org_settings/ServerDefaults.md +++ b/content/admin/org_settings/ServerDefaults.md @@ -74,7 +74,6 @@ Go to the **User menu > Organization Settings > Servers tab** to start setting u * **1 - Alert** for Exploited * **2 - Warning** for Suspicious * **4 - Warning** for Probed - * **4 - Warning** for Probed (P) * **5 - Notice** for Blocked * **5 - Notice** for Blocked (P) From 2c79112a8e602f248a7606d1ec456f0f1404aa01 Mon Sep 17 00:00:00 2001 From: Gayle Davidson <58708089+gdvdsn-contrast@users.noreply.github.com> Date: Fri, 3 Apr 2020 15:11:10 -0500 Subject: [PATCH 7/7] Update OutputtoSyslog.md --- content/user/servers/OutputtoSyslog.md | 1 - 1 file changed, 1 deletion(-) diff --git a/content/user/servers/OutputtoSyslog.md b/content/user/servers/OutputtoSyslog.md index a4fdb76b..fe6cdbcb 100644 --- a/content/user/servers/OutputtoSyslog.md +++ b/content/user/servers/OutputtoSyslog.md @@ -36,7 +36,6 @@ In the **Server Settings** dialog, check the box to **Enable output of Protect e * **1 - Alert** for Exploited * **2 - Warning** for Suspicious * **4 - Warning** for Probed - * **4 - Warning** for Probed (P) * **5 - Notice** for Blocked * **5 - Notice** for Blocked (P)
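Review bot: in the PATCH 1/7 hunk for ServerDefaults.md, the new defaults list is internally inconsistent: `* **3 - Warning** for Blocked` and `* **4 - Warning** for Blocked (P)` assign two different numeric codes the same label, "Blocked" appears twice, and the previous "Probed" entry has no replacement. In standard syslog severity numbering (RFC 5424) 3 is Error and 4 is Warning, so on the Blocked line either the number or the label is wrong; suggest pairing each number with its syslog name and listing each attack result once. The typo `chose` in `* Use the dropdown menu to chose the **Facility**.` is carried over from the removed line and should be fixed here rather than in a later commit. Since this hunk introduces the **TCP + TLS** option, the page should also say what the sending server validates (for example, whether the syslog server's certificate must chain to a trusted CA) so an administrator knows what to provision before choosing it.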
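Review bot: in the PATCH 2/7 hunk, `* **2 - Warning** for Suspicious` still pairs the number 2 with the label Warning while `* **4 - Warning** for Probed` uses the same label for 4; in syslog numbering 2 is Critical, so one of the two lines needs a different number or label. `* **4 - Warning** for Probed (P)` repeats the Probed line except for the "(P)" suffix, and that suffix is never expanded anywhere in the series; suggest spelling it out on first use so readers can tell the two results apart. The two removed lines consisting of a bare `-` show that 1/7 left stray blank lines behind, which argues for squashing this fix-up into 1/7.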
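Review bot: in the PATCH 3/7 hunk for OutputtoSyslog.md, the numbered steps duplicate the list just added to ServerDefaults.md together with its defects (`chose`, `**2 - Warning**` for Suspicious, the duplicated `Probed (P)` line), so every later correction has to be applied to both files; consider keeping the defaults list in one page and linking to it from the other. The rewritten closing sentence narrows prepopulation to defaults that were set "at the time of server creation", which reads as a behaviour statement: if changing organization-level Syslog settings does not propagate to existing servers, say so explicitly, because an administrator switching the organization default to **TCP + TLS** could otherwise assume already-registered servers will stop sending events in clear text.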
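Review bot: the PATCH 4/7 and 5/7 hunks are one-word typo corrections (`chose` to `choose`) to lines that 1/7 and 3/7 of this same series introduced; squash them into the originating commits so the series does not land a known misspelling and then fix it.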
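Review bot: in the PATCH 6/7 hunk for ServerDefaults.md, deleting `* **4 - Warning** for Probed (P)` leaves the list asymmetric, since `* **5 - Notice** for Blocked (P)` is kept; if Probed genuinely has no "(P)" variant in the UI that is correct, but the commit message should say so. The clash between `**2 - Warning** for Suspicious` and `**4 - Warning** for Probed` (two numbers, one label) is still unresolved in this file after this hunk.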
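Review bot: the PATCH 7/7 hunk for OutputtoSyslog.md mirrors 6/7 and inherits the same open issue: with `* **4 - Warning** for Probed (P)` removed, `**2 - Warning** for Suspicious` and `**4 - Warning** for Probed` still share a label under different numbers, so a reader cannot tell which number the UI actually sends for Suspicious. Both files should be corrected in the same commit so the two lists never diverge.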