Export logs to Syslog

ESET Remote Administrator is able to export certain logs/events and send them to your Syslog server. Events such as ThreatEvent, Firewall Aggregated Event, HIPS Aggregated Event etc. are generated on any managed client computer running an ESET product (for example, ESET Endpoint Security). These events can be processed by any Security Information and Event Management (SIEM) solution capable of importing events from a Syslog server. Events are written to the Syslog server by ESET Remote Administrator.

1.To enable Syslog server, click Admin > Server Settings > Advanced Settings > Syslog server > Use Syslog server.

2.To enable exporting, click Admin > Server Settings > Advanced Settings > Logging > Export logs to Syslog.

3.Choose one of the following formats for event messages:

a.JSON (JavaScript Object Notation)

b.LEEF (Log Event Extended Format)- format used by IBM's application QRadar