ESET Online Help


SysLogs export

ESET Cloud Office Security can export logged events listed in Detections and send them to your Syslog server. You can export events for Exchange Online/Gmail, OneDrive/Google Drive, Team groups and SharePoint Online. Set up multiple SysLog exports if required; for example, you can have one SysLog for each tenant or any combination of tenants and events. You can activate/deactivate existing Syslog exports by editing them.

You can add a new Syslog or modify an existing one and its settings.

1. Click Add Syslog to open a template and specify custom settings. Type a report Name.

2. Click Enabled Syslog.

3. Select one of the following formats for event messages:

CEF (Common Event Format)

LEEF (Log Event Extended Format): the format used by IBM's QRadar application.

JSON (JavaScript Object Notation)

IP/Hostname

Enter connection details to your Syslog server.

Port

The pre-defined port for the Syslog server connection is 6514. You can change the port number within the range of 6400-6600 to match your Syslog server port if it is different than 6514.

Transport protocol: TLS (requires a valid server SSL/TLS certificate issued by a trusted Certificate Authority)

Default TCP port: 6514

Due to the security requirements for Syslog server connection, there are additional requirements on the receiving Syslog server:

IP address: Globally routable IPv4 address

IDN names: Must use ASCII representation ("xn--")

FQDN: Must translate to a single fixed IPv4 address
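
The following pre-flight check is an added example, not part of the ESET documentation or product. It tests a planned Syslog destination against the port range and address requirements listed above; the function names and the injectable `resolver` parameter are assumptions made for illustration, and the server's TLS certificate is not checked here.

```python
import ipaddress
import socket

PORT_RANGE = range(6400, 6601)  # 6400-6600, the range stated on this page


def resolve_ipv4(host):
    """Default resolver: the distinct IPv4 addresses a name maps to."""
    infos = socket.getaddrinfo(host, None, socket.AF_INET, socket.SOCK_STREAM)
    return sorted({info[4][0] for info in infos})


def check_syslog_destination(host, port=6514, resolver=resolve_ipv4):
    """Return a list of problems; an empty list means no rule is violated."""
    problems = []
    if port not in PORT_RANGE:
        problems.append(f"port {port} is outside 6400-6600")
    try:
        literal = ipaddress.ip_address(host)
    except ValueError:
        literal = None  # not an IP literal, treat as a host name
    if literal is not None:
        if literal.version != 4:
            return problems + [f"{host} is not an IPv4 address"]
        addrs = [str(literal)]
    else:
        if not host.isascii():
            try:
                ace = host.encode("idna").decode("ascii")
            except UnicodeError:
                ace = "(cannot be encoded)"
            return problems + [f"IDN must be entered in ASCII form: {ace}"]
        try:
            addrs = resolver(host)
        except OSError as exc:
            return problems + [f"cannot resolve {host}: {exc}"]
        # "Fixed" cannot be proven by one lookup; repeat the check over time.
        if len(addrs) != 1:
            problems.append(f"{host} resolves to {len(addrs)} IPv4 addresses, expected 1")
    for addr in addrs:
        if not ipaddress.IPv4Address(addr).is_global:
            problems.append(f"{addr} is not globally routable")
    return problems


if __name__ == "__main__":
    # Constructed sample: a stub resolver returning a private address.
    print(check_syslog_destination("syslog.example.com", 6514, lambda h: ["10.0.0.5"]))
```

Run it against the value you plan to type into IP/Hostname before saving the export; a round-robin DNS name or a private address is reported here instead of surfacing later as a failed connection.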

Select Tenants

Click Select and use check boxes to select the tenants for which you want to receive the events.

Log detections

Select the log events you want to export to your Syslog server.

Optional fields for scan logs

Select the fields you want to include in syslog messages.

Send audit logs

Audit logs are sent as part of the scan logs. Additionally, you can use Send test log to verify that the export works.

Additional security settings

Ensure your Syslog server firewall settings allow connection from the following IP addresses:

Outgoing IP address from ESET Cloud Office Security in the US region: 40.83.165.184

Outgoing IP address from ESET Cloud Office Security in the EU region: 51.144.165.221

Outgoing IP address from ESET Cloud Office Security in the CA region: 52.228.24.113