[KB8022] Export logs to Syslog server from ESET PROTECT On-Prem

Issue

Required user permissions

This article assumes that you have the appropriate access rights and permissions to perform the tasks below.

If you use the default Administrator user or are unable to perform the tasks below (the option is unavailable), create a second administrator user with all access rights.

  • Send notifications to your Syslog server from ESET PROTECT On-Prem
  • Export Threat events, Firewall Aggregated events, HIPS Aggregated events, Audit events, and Enterprise Inspector alert events

Solution

  1. Open ESET PROTECT On-Prem in your web browser and log in.

  2. Click More > Settings and expand Advanced Settings.

    Figure 1-1
  3. In the Syslog Server section:

    1. Next to Use Syslog server, click the toggle to enable it.

    2. In the Host field, type the IP address or hostname for the destination of Syslog messages.

    3. In the Port field, the default value is set to 514.

  4. In the Logging section, click the toggle next to Export logs to Syslog to enable it and click Save.

    Figure 1-2
  5. For a detailed list of the format and meaning of attributes of all exported events (Threat events, ESET Firewall events, HIPS events, Audit events, Enterprise Inspector alert events), visit the Export logs to Syslog Online Help topic.