Export logs to Syslog
ESET PROTECT can export certain logs/events and send them to your Syslog server. Events from the following log categories are being exported to Syslog server: Detection, Firewall, HIPS, Audit and ESET Inspect. Events are generated on any managed client computer running an ESET product (for example, ESET Endpoint Security). These events can be processed by any Security Information and Event Management (SIEM) solution capable of importing events from a Syslog server. Events are written to the Syslog server by ESET PROTECT.
|
Make sure your Syslog server supports UTF-8 BOM encoding of Syslog messages. |
|
The maximum size of a message is set to 8 KB. Messages longer than 8000 characters will be automatically shortened. |
1.To enable Syslog server, click More > Settings > Syslog > Enable Syslog sending.
|
All exported logs are available to Syslog users without limitations. |
2.Choose one of the following formats for event messages:
•JSON (JavaScript Object Notation)
•LEEF (Log Event Extended Format) - format used by IBM's application QRadar.
•CEF (Common Event Format)
To filter the event logs sent to Syslog, create a log category notification with a defined filter.
|
Be aware that if the Syslog server is not reachable, messages are not stored and will not be sent retrospectively; they are discarded. |