Alexander Keilhofer, posted April 4

Hi,

We are looking to forward all our events to Graylog. CEF helps a lot - thanks for implementing. But only Filtered Websites + Audit Logs are forwarded. No HIPS events, no Device events.

A Wireshark on the Graylog shows no data sent (except the website-filtered).

A notification with forward to syslog works, but does not contain all information needed.

I can't find a filter on Protect Server or anything else that could have filtered these events.

Marcos (Administrators), posted April 4

Could you please provide an example of a HIPS record that was not sent? By default HIPS should not log anything. Likewise Device Control; whether the data is sent out depends on the rule severity. Make sure that the appropriate rules have warning severity set.

Alexander Keilhofer (author), posted April 4, edited April 4 by Alexander Keilhofer

Hi,

These are all set to "warning".

Marcos (Administrators), posted April 4

Please raise a support ticket as it will need to be consulted with developers. However, according to https://help.eset.com/protect_admin/10.0/en-US/admin_server_settings_export_to_syslog.html, Device Control logs are not sent to the Syslog server:

"Events from the following log categories are being exported to Syslog server: Detection, Firewall, HIPS, Audit and ESET Inspect."

Alexander Keilhofer (author), posted April 4

Thank you - I already opened one with my local support.