Export logs to Syslog
ESET PROTECT can export certain logs/events and send them to your Syslog server. Events from the following log categories are being exported to Syslog server: Detection, Firewall, HIPS, Audit and ESET Inspect. Events are generated on any managed client computer running an ESET product (for example, ESET Endpoint Security). These events can be processed by any Security Information and Event Management (SIEM) solution capable of importing events from a Syslog server. Events are written to the Syslog server by ESET PROTECT.
1.To enable Syslog server, click More > Settings > Syslog > Enable Syslog Sending.
All exported logs are available to Syslog users without limitations. |
2.Choose one of the following formats for event messages:
•JSON (JavaScript Object Notation)
•LEEF (Log Event Extended Format) - format used by IBM's application QRadar.
•CEF (Common Event Format)
To filter the event logs sent to Syslog, create a log category notification with a defined filter.