Syslog security restrictions and limits
Due to the security requirements for the Syslog server connection, the following settings are fixed and cannot be changed:
• Transport protocol: TLS
• TCP port: 6514
For the same reasons, there are additional requirements on the receiving Syslog server:
• IP address: Globally routable IPv4 address
• IDN names: Must use ASCII representation ("xn--")
• FQDN: Must translate to a single fixed IPv4 address.
Using FQDN
If your Syslog server runs on multiple machines or IP addresses (CDN), there is no guarantee when and how often the FQDN is re-resolved. It is, however, guaranteed that the first FQDN resolution is completed within a 10-minute window after the server's start, as long as the Syslog export is enabled and correctly configured.
Additional security settings
Administrators should configure their Syslog server's firewall to allow incoming Syslog Export events only from the following IP ranges:
• Outgoing IP addresses from ESET PROTECT Cloud in the Europe region: 51.136.106.164/30
• Outgoing IP addresses from ESET PROTECT Cloud in the USA region: 40.81.8.148/30
• Outgoing IP addresses from ESET PROTECT Cloud in the Japan region: 20.78.10.184/30
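
The following pre-flight check is an added example, not ESET code. It tests a candidate Syslog destination against the receiving-server requirements above and maps a connecting peer to the export ranges listed here. The function names and the `addresses` parameter are hypothetical. A single run cannot prove an address is "fixed", so repeat the check over time.

```python
import ipaddress
import socket

# Source ranges this page lists for ESET PROTECT Cloud Syslog export.
EXPORT_RANGES = {
    "Europe": ipaddress.ip_network("51.136.106.164/30"),
    "USA": ipaddress.ip_network("40.81.8.148/30"),
    "Japan": ipaddress.ip_network("20.78.10.184/30"),
}
SYSLOG_TLS_PORT = 6514  # fixed by the service, per this page


def resolve_ipv4(host):
    """Return the sorted set of IPv4 addresses `host` currently resolves to."""
    infos = socket.getaddrinfo(host, SYSLOG_TLS_PORT,
                               family=socket.AF_INET, type=socket.SOCK_STREAM)
    return sorted({info[4][0] for info in infos})


def check_destination(host, addresses=None):
    """Return a list of problems with a Syslog destination; empty means OK.

    `addresses` (hypothetical parameter) supplies pre-resolved addresses so the
    check can run offline; when omitted, the name is resolved through DNS.
    """
    if not host.isascii():
        return ["IDN must be entered in its ASCII (xn--) form: %r" % host]
    if addresses is None:
        addresses = resolve_ipv4(host)
    unique = sorted(set(addresses))
    problems = []
    if len(unique) != 1:
        problems.append("must map to exactly one address, got %d" % len(unique))
    for addr in unique:
        ip = ipaddress.ip_address(addr)
        if ip.version != 4:
            problems.append("%s is not IPv4" % addr)
        elif not ip.is_global:
            problems.append("%s is not globally routable" % addr)
    return problems


def source_region(peer_ip):
    """Map a connecting peer address to an export region, or None if outside."""
    ip = ipaddress.ip_address(peer_ip)
    for region, net in EXPORT_RANGES.items():
        if ip in net:
            return region
    return None
```

`source_region` can be run over the peer addresses in the Syslog server's connection log to confirm that only the listed ranges reach TCP port 6514.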