Syslog security restrictions and limits
Due to the security requirements for Syslog server connection, the following settings are fixed and cannot be changed:
•Transport protocol: TLS
•TCP port: 6514
For the same reasons there are additional requirements on the receiving Syslog server:
•IP address: Globally routable IPv4 address
•IDN names : Must use ASCII representation ("xn--")
•FQDN: Must translate to a single fixed IPv4 address.
|
Using FQDN If your Syslog server operates under multiple machines / IP addresses (CDN), there is no guarantee when and how often the FQDN is re-resolved. It is, however, guaranteed that the first FQDN resolution is completed within a 10-minute window after the server's start as long as the Syslog export is enabled and correctly configured. |
Additional security settings
Administrators should configure their Syslog server's firewall to allow incoming Syslog Export events only from the following IP ranges:
•Outgoing IP addresses from ESET PROTECT in the Europe region:
•51.136.106.164
•51.136.106.165
•51.136.106.166
•51.136.106.167
•Outgoing IP addresses from ESET PROTECT in the USA region:
•40.81.8.148
•40.81.8.149
•40.81.8.150
•40.81.8.151
•Outgoing IP addresses from ESET PROTECT in the Japan region:
•20.78.10.184
•20.78.10.185
•20.78.10.186
•20.78.10.187
•Outgoing IP addresses from ESET PROTECT in the Canada region:
•20.48.241.160
•20.48.241.161
•20.48.241.162
•20.48.241.163