Export logs to Syslog

ESET PROTECT Cloud is able to export certain logs/events and send them to your Syslog server. Events from the following log categories are being exported to Syslog server: Detection, Firewall, HIPS, Audit and Enterprise Inspector.  Events are generated on any managed client computer running an ESET product (for example, ESET Endpoint Security). These events can be processed by any Security Information and Event Management (SIEM) solution capable of importing events from a Syslog server. Events are written to the Syslog server by ESET PROTECT Cloud.

1. To enable Syslog server, click More > Settings > Syslog > Enable Syslog Sending.  

2.Choose one of the following formats for event messages:

a.JSON (JavaScript Object Notation)

b.LEEF (Log Event Extended Format) - format used by IBM's application QRadar.

To filter the event logs sent to Syslog, create a log category notification with a defined filter.