Alexander Keilhofer, posted April 4, 2023

Hi,

We are looking to forward all our Events to Graylog. CEF helps a lot - thanks for implementing. But only Filtered Websites + Audit Logs are forwarded. No HIPS-Events, no Device-Events.

A Wireshark on the Graylog shows no data sent (except the website-filtered).

A Notification with forward to syslog works, but does not contain all information needed.

I can't find a filter on Protect Server or anything else that could have filtered these events.
Marcos (Administrators), posted April 4, 2023

Could you please provide an example of a HIPS record that was not sent? By default HIPS should not log anything. Likewise Device Control; whether the data is sent out depends on the rule severity. Make sure that the appropriate rules have warning severity set.
Alexander Keilhofer (Author), posted April 4, 2023 (edited April 4, 2023 by Alexander Keilhofer)

Hi,

These are all set to "warning".
Marcos (Administrators), posted April 4, 2023

Please raise a support ticket as it will need to be consulted with developers. However, according to https://help.eset.com/protect_admin/10.0/en-US/admin_server_settings_export_to_syslog.html, Device Control logs are not sent to the Syslog server:

"Events from the following log categories are being exported to Syslog server: Detection, Firewall, HIPS, Audit and ESET Inspect."
Alexander Keilhofer (Author), posted April 4, 2023

Thank you - I already opened one with my local Support.