Syslog security restrictions and limits
Due to the security requirements for the Syslog server connection, the following settings are fixed and cannot be changed:
•Transport protocol: TLS
•TCP port: 6514
For the same reasons, there are additional requirements on the receiving Syslog server:
•IP address: Globally routable IPv4 address
•IDN names: Must use ASCII representation ("xn--")
•FQDN: Must translate to a single fixed IPv4 address.
Using FQDN: If your Syslog server runs on multiple machines / IP addresses (CDN), there is no guarantee when and how often the FQDN is re-resolved. It is, however, guaranteed that the first FQDN resolution is completed within a 10-minute window after the server's start, as long as the Syslog export is enabled and correctly configured.
CA root certificate validation of TLS connection: When TLS verification is enabled, the following requirements must be met to verify your server certificate:
•Certificate validation must be enabled
•The whole certificate chain in PEM format is uploaded and saved in the Syslog export configuration (this includes root CA, as there are no built-in trusted certificates)
•Your Syslog server's certificate provides a Subject Alternative Name extension (DNS=/IP=), in which at least one record corresponds to the FQDN/IP hostname configuration.
Additional security settings: Administrators should configure their Syslog server's firewall to allow incoming Syslog Export events only from the following IP ranges:
•Outgoing IP addresses from ESET PROTECT Cloud in the Europe region: 51.136.106.164/30
•Outgoing IP addresses from ESET PROTECT Cloud in the USA region: 40.81.8.148/30
•Outgoing IP addresses from ESET PROTECT Cloud in the Japan region: 20.78.10.184/30
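
A pre-flight check for the receiving-server requirements and the firewall allow-list above, as an added example that is not part of the original ESET documentation. The names `check_destination`, `export_region` and the injectable `resolver` parameter are hypothetical; only the three IP ranges and port 6514 come from this page.

```python
import ipaddress
import socket

# Outgoing ESET PROTECT Cloud ranges, copied from the list above.
EXPORT_SOURCES = {
    "Europe": ipaddress.ip_network("51.136.106.164/30"),
    "USA": ipaddress.ip_network("40.81.8.148/30"),
    "Japan": ipaddress.ip_network("20.78.10.184/30"),
}


def resolve_ipv4(fqdn):
    """Return the set of IPv4 addresses the name resolves to right now."""
    infos = socket.getaddrinfo(fqdn, 6514, socket.AF_INET, socket.SOCK_STREAM)
    return {info[4][0] for info in infos}


def check_destination(host, resolver=resolve_ipv4):
    """Return a list of problems with a Syslog destination; empty means OK."""
    problems = []
    try:
        literal = ipaddress.ip_address(host)
    except ValueError:
        literal = None  # not an IP literal, so treat it as a host name
    if literal is not None:
        if literal.version != 4:
            return ["destination must be an IPv4 address"]
        addrs = {str(literal)}
    elif not host.isascii():
        # Show the administrator the "xn--" form to enter instead.
        ace = host.encode("idna").decode("ascii")
        return [f"IDN must use its ASCII form: {ace}"]
    else:
        addrs = resolver(host)
        if len(addrs) != 1:
            problems.append(f"FQDN resolves to {len(addrs)} IPv4 addresses, need exactly 1")
    for addr in sorted(addrs):
        if not ipaddress.IPv4Address(addr).is_global:
            problems.append(f"{addr} is not globally routable")
    return problems


def export_region(source_ip):
    """Return the region whose range contains source_ip, or None if unlisted."""
    ip = ipaddress.ip_address(source_ip)
    for region, net in EXPORT_SOURCES.items():
        if ip in net:
            return region
    return None
```

A clean result only reflects DNS at the moment of the check, so repeat it whenever the server's DNS record changes.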