
Syslog forwarding filtered



Hi,

We are looking to forward all our Events to Graylog.
CEF helps a lot - thanks for implementing.

But only Filtered Websites + Audit Logs are forwarded.
No HIPS-Events, no Device-Events.

A Wireshark on the Graylog shows no data sent (except the website-filtered).

A Notification with forward to syslog works, but does not contain all information needed.

I can't find a filter on Protect Server or anything else that could have filtered these events.
 

 


  • Administrators

Could you please provide an example of a HIPS record that was not sent? By default HIPS should not log anything. Likewise Device Control; whether the data is sent out depends on the rule severity. Make sure that the appropriate rules have warning severity set.


  • Administrators

Please raise a support ticket as it will need to be consulted with developers. However, according to https://help.eset.com/protect_admin/10.0/en-US/admin_server_settings_export_to_syslog.html, Device Control logs are not sent to the Syslog server:

Events from the following log categories are being exported to Syslog server: Detection, Firewall, HIPS, Audit and ESET Inspect.
