Syslog forwarding filtered

[Alexander Keilhofer 0]

Hi,

We are looking to forward all our Events to Graylog.
CEF helps a lot - thanks for implementing.

But only Filtered Websites + Audit Logs are forwarded.
No HIPS-Events, no Device-Events.

A wireshark on the graylog shows no data sent (except the website-filtered)

A Notification with forward to syslog works, but does not contain all information needed 

I can't find a filter on Protect Server or anything else that could have filtered these events.
 

 

[Marcos 4,704]

Could you please provide an example of a HIPS record that was not sent? By default HIPS should not log anything. Likewise Device Control; whether the data is sent out depends on the rule severity. Make sure that the appropriate rules have warning severity set.

[Alexander Keilhofer 0]

Hi,

These are all set to "warning"

Edited April 4 by Alexander Keilhofer

[Marcos 4,704]

Please raise a support ticket as it will need to be consulted with developers. However, according to https://help.eset.com/protect_admin/10.0/en-US/admin_server_settings_export_to_syslog.html, Device Control logs are not sent to the Syslog server:

Events from the following log categories are being exported to Syslog server: Detection, Firewall, HIPS, Audit and ESET Inspect.

[Alexander Keilhofer 0]

Thank you - I already opened one with my local Support.