Syslog server

If you have a Syslog server running in your network, you can configure ESET PROTECT Cloud Server to send Notifications to your Syslog server. You can also enable Export logs to Syslog to receive certain events (Detection Event, Firewall Aggregated Event, HIPS Aggregated Event, etc.) from client computers running ESET Endpoint Security, for example.

To enable the Syslog server:

1. Click More > Settings > Syslog and click the slider bar next to Enable Syslog sending.

2. Specify the following mandatory settings:

a. Format of payload—JSON, LEEF or CEF

b. Format of envelope of the log—BSD (specification), Syslog (specification)

c. Minimal log level—Information, Warning, Error or Critical

d. Event type of logs—Select the type of logs you want to include (Antivirus, HIPS, Firewall, Web protection, Audit Log, Blocked files, ESET Inspect alerts).

e. Destination IP or FQDN of TLS-compatible syslog server—IPv4 address or hostname of the destination for Syslog messages

f. Validate CA Root certificates of TLS connections—Click the slider bar if you want to enable certificate validation for the connection between your Syslog server and ESET PROTECT Cloud. After validation is enabled, a new text field is displayed where you can copy and paste the required certificate chain.

After making the applicable changes, click Apply settings. The configuration becomes effective in 10 minutes.


Note

The regular application log file is constantly being written to. Syslog only serves as a medium to export certain asynchronous events, such as notifications or various client computer events.
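To confirm on the receiving side that messages arrive in the envelope and payload format selected in step 2, a collector can classify each line as shown in this added example, which is not ESET code. It assumes the BSD envelope follows RFC 3164 and the Syslog envelope follows RFC 5424; the function names and sample messages are constructed for illustration and do not reflect ESET's field schema.

```python
import json
import re

# RFC 5424: <PRI>VER TIMESTAMP HOST APP PROCID MSGID SD MSG (one SD element at most)
RFC5424 = re.compile(
    r"^<(\d{1,3})>\d{1,2} \S+ (\S+) \S+ \S+ \S+ (?:-|\[.*?\]) ?(.*)$", re.S)
# RFC 3164 (BSD) header: <PRI>Mmm dd hh:mm:ss HOST MSG
RFC3164 = re.compile(
    r"^<(\d{1,3})>[A-Z][a-z]{2} [ \d]\d \d\d:\d\d:\d\d (\S+) (.*)$", re.S)

def parse_payload(msg):
    """Return (format, fields) for a JSON, CEF or LEEF 1.0 payload."""
    start = re.search(r"\{|CEF:\d|LEEF:\d", msg)  # skip any tag before the payload
    if not start:
        return "unknown", {"raw": msg}
    body = msg[start.start():]
    if body.startswith("{"):
        return "json", json.loads(body)
    if body.startswith("CEF:"):
        head = re.split(r"(?<!\\)\|", body, maxsplit=7)  # 7 header fields + extension
        if len(head) < 8:
            raise ValueError("truncated CEF header")
        ext = dict(re.findall(r"(\w+)=(.*?)(?=\s+\w+=|$)", head[7]))
        return "cef", {"name": head[5], "severity": head[6], **ext}
    head = body.split("|", 5)  # LEEF 1.0: 5 header fields + tab-separated attributes
    if len(head) < 6:
        raise ValueError("truncated LEEF header")
    attrs = dict(kv.split("=", 1) for kv in head[5].split("\t") if "=" in kv)
    return "leef", {"event_id": head[4], **attrs}

def parse_syslog(line):
    """Identify the envelope, decode PRI and parse the payload of one message."""
    for name, rx in (("syslog", RFC5424), ("bsd", RFC3164)):
        m = rx.match(line.rstrip("\r\n"))
        if m:
            pri, host, msg = int(m.group(1)), m.group(2), m.group(3)
            fmt, fields = parse_payload(msg)
            return {"envelope": name, "facility": pri >> 3, "severity": pri & 7,
                    "host": host, "format": fmt, "fields": fields}
    raise ValueError("unrecognised syslog envelope")

# Constructed sample messages; field names and values are not ESET's schema.
SAMPLES = [
    '<134>1 2024-01-05T10:00:00Z host1 app 1 - - {"type": "sample", "level": "Warning"}',
    "<131>Jan  5 10:00:00 host2 CEF:0|VendorX|ProductY|1.0|100|Sample|5|src=192.0.2.10 msg=two words",
    "<132>Jan 15 10:00:00 host3 LEEF:1.0|VendorX|ProductY|1.0|100|cat=sample\tsev=4",
]

RESULTS = [parse_syslog(s) for s in SAMPLES]
```

A line that raises `ValueError` here points to a mismatch between the envelope or payload format configured in ESET PROTECT Cloud and what the collector expects.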