Contrast-Security-OSS · gdvdsn-contrast · Mar 30, 2020 · Mar 30, 2020 · Mar 30, 2020 · Mar 31, 2020
diff --git a/content/admin/org_settings/ServerDefaults.md b/content/admin/org_settings/ServerDefaults.md
@@ -66,13 +66,16 @@ Go to the **User menu > Organization Settings > Servers tab** to start setting u
 * Check the box to **Enable bot blocking**. 
 
 * Check the box to **Enable output of Protect events to Syslog**. 
-	* Enter the **IP Address** and **Port** in the given fields. Use the dropdown menu to chose the **Facility**. 
-	* Click on the event severity badges, and use the dropdown menu to choose a message **Severity** level for each one. The defaults are:
-	 * **1 - Alert** for Exploited
-	 * **4 - Warning** for Blocked
-	 * **5 - Notice** for Probed 
-
-<a href="assets/images/Server-default-syslog.png" rel="lightbox" title="Configure output to Syslog"><img class="thumbnail" src="assets/images/Server-default-syslog.png"/></a>
+	* Enter the **Syslog Server Host**.
+	* Use the dropdown menu to choose the **Protocol**. Options include **UDP**, **TCP**, and **TCP + TLS**.
+	* Enter the **Port**. 
+	* Use the dropdown menu to choose the **Facility**. 
+	* Use the dropdown menus to choose the **Syslog Message Severity** level for each attack event result. The defaults are:
+		* **1 - Alert** for Exploited
+		* **2 - Warning** for Suspicious
+		* **4 - Warning** for Probed
+		* **5 - Notice** for Blocked
+		* **5 - Notice** for Blocked (P)
 
 * Check the box to **Automatically apply Protect licenses to new servers**.
 

diff --git a/content/user/servers/OutputtoSyslog.md b/content/user/servers/OutputtoSyslog.md
@@ -26,7 +26,20 @@ To enable Syslog on an individual server, hover over the grid row, and select th
 
 <a href="assets/images/Server-settings-grid.png" rel="lightbox" title="Enable Syslog for a server in Server Settings"><img class="thumbnail" src="assets/images/Server-settings-grid.png"/></a>
 
-In the **Server Settings** dialog, check the box to **Enable output of Protect events to Syslog**. If Syslog defaults have been set for the server environment in **Organization Settings**, the values are prepopulated in the fields that appear. Once you save the settings, Syslog is enabled on the server.
+In the **Server Settings** dialog, check the box to **Enable output of Protect events to Syslog**. Complete the following steps to configure output. 
+
+1. Enter the **Syslog Server Host**.
+2. Use the dropdown menu to choose the **Protocol**. Options include **UDP**, **TCP**, and **TCP + TLS**.
+3. Enter the **Port**. 
+4. Use the dropdown menu to choose the **Facility**. 
+5. Use the dropdown menus to choose the **Syslog Message Severity** level for each attack event result. The defaults are:
+   * **1 - Alert** for Exploited
+   * **2 - Warning** for Suspicious
+   * **4 - Warning** for Probed
+   * **5 - Notice** for Blocked
+   * **5 - Notice** for Blocked (P)
+
+If Syslog defaults have been set for the server environment in **Organization Settings** at the time of server creation, then the values are prepopulated in the fields that appear. Once you save the settings, Syslog is enabled on the server.
 
 ### Multiple servers