smash007 0 Posted June 7, 2019 Share Posted June 7, 2019 (edited) Hi! There is no facility configuration to export ESET Security Management Center Syslog. How do I set up a facility? URL used for reference https://help.eset.com/esmc_admin/70/en-US/admin_server_settings_syslog.html Edited June 7, 2019 by smash007 Link to comment Share on other sites More sharing options...
ESET Staff MichalJ 430 Posted June 7, 2019 ESET Staff Share Posted June 7, 2019 Hello, can you be more specific, about what you would like to configure? Currently, when you enable syslog export, the standard set of logs is being exported. Format / legend is further explained here: https://help.eset.com/esmc_admin/70/en-US/admin_server_settings_syslog.html?events-exported-to-json-format.html We currently do not support any advanced configuration for this. Link to comment Share on other sites More sharing options...
smash007 0 Posted June 7, 2019 Author Share Posted June 7, 2019 (edited) Hi MichalJ. I want to set up a facility for transferring Eset's Syslog to a Syslog server. After confirming the Syslog communication transferred from Eset, the facility has been transferred by user. For example,I want to receive it in any of local0 to local7 Edited June 7, 2019 by smash007 Link to comment Share on other sites More sharing options...
ESET Staff MichalJ 430 Posted June 7, 2019 ESET Staff Share Posted June 7, 2019 As I am not able to properly understand your intentions, the best thing I would recommend is that you contact Canon, our exclusive distributor in Japan, that might be able to help you with addressing your request. They have trained staff to assist you. Link to comment Share on other sites More sharing options...
smash007 0 Posted June 10, 2019 Author Share Posted June 10, 2019 I want to set the facility code number when reporting log information from Eset Security Manager in SYSLOG Link to comment Share on other sites More sharing options...
Most Valued Members ewong 6 Posted June 10, 2019 Most Valued Members Share Posted June 10, 2019 7 hours ago, smash007 said: I want to set the facility code number when reporting log information from Eset Security Manager in SYSLOG As far as I know and can see, you can't specify the facility to send to. That said, it doesn't mean you can't set up a sys log server which listens to that port and process the incoming info via a script (bash, python...whichever you fancy). Theoretically, you can even set up a syslog server script using a different port to 514, which reads incoming information and then resend it directly to the local syslog server (and to whichever facility you choose). While it is an indirect way/workaround to the current issue of no facility-specifications in the syslog config, it's better than nothing. Edmund Link to comment Share on other sites More sharing options...
smash007 0 Posted June 10, 2019 Author Share Posted June 10, 2019 ewon. Thank you for your reply. After all you can not set facility. I'm sorry. I confirmed that the facility will be imported as "user" when forwarding logs to the Syslog server, so I wanted to change it. Consider changing the port number instead of the log file and importing directly by telegram. Thank you Link to comment Share on other sites More sharing options...
Recommended Posts