
Syslog forwarding filtered



Hi,

We are looking to forward all our Events to Graylog.
CEF helps a lot - thanks for implementing.

But only Filtered Websites + Audit Logs are forwarded.
No HIPS-Events, no Device-Events.

A Wireshark on the Graylog shows no data sent (except the website-filtered).

A Notification with forward to syslog works, but does not contain all information needed.

I can't find a filter on Protect Server or anything else that could have filtered these events.
 

 


  • Administrators

Could you please provide an example of a HIPS record that was not sent? By default HIPS should not log anything. Likewise Device Control; whether the data is sent out depends on the rule severity. Make sure that the appropriate rules have warning severity set.


  • Administrators

Please raise a support ticket as it will need to be consulted with developers. However, according to https://help.eset.com/protect_admin/10.0/en-US/admin_server_settings_export_to_syslog.html, Device Control logs are not sent to the Syslog server:

Events from the following log categories are being exported to Syslog server: Detection, Firewall, HIPS, Audit and ESET Inspect.
