ESET Online Help

Search English
Select the topic

Syslog security restrictions and limits

Due to the security requirements for Syslog server connection, the following settings are fixed and cannot be changed:

Transport protocol: TLS

TCP port: 6514

For the same reasons there are additional requirements on the receiving Syslog server:

IP address: Globally routable IPv4 address

IDN names : Must use ASCII representation ("xn--")

FQDN: Must translate to a single fixed IPv4 address.

note

Using FQDN

If your Syslog server operates under multiple machines / IP addresses (CDN), there is no guarantee when and how often the FQDN is re-resolved. It is, however, guaranteed that the first FQDN resolution is completed within a 10-minute window after the server's start as long as the Syslog export is enabled and correctly configured.

Additional security settings

Administrators should configure their Syslog server's firewall to allow incoming Syslog Export events only from the following IP ranges:

Outgoing IP addresses from ESET PROTECT in the Europe region: 51.136.106.164/30

Outgoing IP addresses from ESET PROTECT in the USA region: 40.81.8.148/30

Outgoing IP addresses from ESET PROTECT in the Japan region: 20.78.10.184/30