Jump to content

About ESET Security Management Center Syslog Settings

smash007
 Share

Recommended Posts

  • ESET Staff
MichalJ

MichalJ 434

Posted
  • ESET Staff
Posted

Hello, can you be more specific, about what you would like to configure? Currently, when you enable syslog export, the standard set of logs is being exported. Format / legend is further explained here: https://help.eset.com/esmc_admin/70/en-US/admin_server_settings_syslog.html?events-exported-to-json-format.html

We currently do not support any advanced configuration for this. 

Link to comment
Share on other sites
smash007

smash007 0

Posted
  • Author
Posted (edited)

 

Hi MichalJ. I want to set up a facility for transferring Eset's Syslog to a Syslog server. After confirming the Syslog communication transferred from Eset, the facility has been transferred by user.

For example,I want to receive it in any of local0 to local7

Edited by smash007
Link to comment
Share on other sites
  • ESET Staff
MichalJ

MichalJ 434

Posted
  • ESET Staff
Posted

As I am not able to properly understand your intentions, the best thing I would recommend is that you contact Canon, our exclusive distributor in Japan, that might be able to help you with addressing your request. They have trained staff to assist you. 

Link to comment
Share on other sites
  • Most Valued Members
ewong

ewong 8

Posted
  • Most Valued Members
Posted
7 hours ago, smash007 said:

I want to set the facility code number when reporting log information from Eset Security Manager in SYSLOG

As far as I know and can see, you can't specify the facility to send to.  That said, it doesn't mean you can't set up a sys log server which listens to that port and process the incoming info via a script (bash, python...whichever you fancy).   Theoretically, you can even set up a syslog server script using a different port to 514,  which reads incoming information and then resend it directly to the local syslog server (and to whichever facility you choose).

While it is an indirect way/workaround to the current issue of no facility-specifications in the syslog config, it's better than nothing.

Edmund

 

 

Link to comment
Share on other sites
smash007

smash007 0

Posted
  • Author
Posted

ewon. Thank you for your reply.
After all you can not set facility.
I'm sorry.
I confirmed that the facility will be imported as "user" when forwarding logs to the Syslog server, so I wanted to change it.
Consider changing the port number instead of the log file and importing directly by telegram.
Thank you

Link to comment
Share on other sites
Guest
This topic is now closed to further replies.
 Share
Go to topic listing

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...