Syslog/SIEM integration

  • July 4, 2022

Emsisoft’s Syslog integration allows you to forward security-related events to an external Security Information and Event Management (SIEM) server. Use this feature for centralized monitoring and log aggregation from multiple data sources. Any Syslog-compatible server can be used, e.g. Splunk Connect for Syslog.

Syslog integration setup

Navigate to the ‘Settings’ page of your Emsisoft workspace and scroll down to ‘Integrations’.

1. Add a new integration configuration.

[Screenshot: Syslog/SIEM integration configuration in Emsisoft Management Console]

2. Select the event types that you wish to receive.

3. Select ‘Syslog’ in the ‘How’ dropdown box.

4. Enter the hostname or IP address of your Syslog-compatible server in the ‘Host’ field and specify the port on which it receives data.

5. Click ‘OK’ to enable the integration.

Secured connection

Data is always streamed over a TLS-secured connection.

Data format

The only supported data format is CEF (Common Event Format).

Allow traffic in firewall

Please make sure that your Syslog server can be reached from Emsisoft’s infrastructure. Events are sent from the following IPs, which need to be allowed in your firewall configuration:

157.90.227.118
157.90.227.179
157.90.227.137
157.90.229.47

Note: In a future release we will add support for client certificates so you can restrict access to your Syslog server even further with explicit client authentication.
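The two receiver-side checks this page implies, parsing the CEF records and accepting connections only from the listed source IPs, as an added Python example (not Emsisoft’s code). The sample event line is constructed: the vendor/product strings, signature ID and extension keys (src, dhost, fname, msg, act) are illustrative and not Emsisoft’s real schema. The accept_event wrapper assumes your syslog server hands it the peer IP of the TLS connection alongside each line.

```python
import re
from ipaddress import ip_address

# Emsisoft's event source IPs as listed on this page; lines arriving from
# anything else are dropped before parsing.
EMSISOFT_SOURCE_IPS = frozenset({
    "157.90.227.118", "157.90.227.179", "157.90.227.137", "157.90.229.47",
})

HEADER_FIELDS = ("cef_version", "device_vendor", "device_product",
                 "device_version", "signature_id", "name", "severity")


def _unescape(text):
    # CEF escapes: \| and \= for delimiters, \\ for a backslash, \n and \r for line breaks
    return re.sub(r"\\(.)",
                  lambda m: {"n": "\n", "r": "\r"}.get(m.group(1), m.group(1)), text)


def _split_header(body):
    """Split the text after 'CEF:' on the seven unescaped pipes; the rest is the raw extension."""
    parts, start, i = [], 0, 0
    while i < len(body) and len(parts) < 7:
        if body[i] == "\\":
            i += 2          # skip the escaped character as well
            continue
        if body[i] == "|":
            parts.append(body[start:i])
            start = i + 1
        i += 1
    if len(parts) != 7:
        raise ValueError("CEF header needs seven pipe-delimited fields")
    return [_unescape(p) for p in parts], body[start:]


def _parse_extension(ext):
    """Parse 'key=value key2=value with spaces', honouring \\= escapes inside values."""
    eq_positions, i = [], 0
    while i < len(ext):
        if ext[i] == "\\":
            i += 2
            continue
        if ext[i] == "=":
            eq_positions.append(i)
        i += 1
    # Each key is the space-delimited token immediately before an unescaped '='.
    key_starts = [ext.rfind(" ", 0, p) + 1 for p in eq_positions]
    fields = {}
    for n, p in enumerate(eq_positions):
        key = ext[key_starts[n]:p]
        value_end = key_starts[n + 1] if n + 1 < len(eq_positions) else len(ext)
        fields[key] = _unescape(ext[p + 1:value_end].rstrip(" "))
    return fields


def parse_cef(line):
    """Parse one syslog line carrying a CEF event into header fields plus an extension dict."""
    marker = line.find("CEF:")
    if marker < 0:
        raise ValueError("no CEF record in line")
    header, ext = _split_header(line[marker + len("CEF:"):])
    event = dict(zip(HEADER_FIELDS, header))
    event["syslog_prefix"] = line[:marker].strip()
    event["extension"] = _parse_extension(ext)
    return event


def accept_event(source_ip, line):
    """Return the parsed event only if it came from an allowlisted Emsisoft IP, else None."""
    if str(ip_address(source_ip)) not in EMSISOFT_SOURCE_IPS:
        return None
    return parse_cef(line)


# Constructed sample event (field names and values are illustrative, not Emsisoft's real schema).
SAMPLE = (r"<134>Jul  4 12:00:00 emsisoft-cloud "
          r"CEF:0|Emsisoft|Management Console|1.0|100|Malware detected|8|"
          r"src=10.0.0.5 dhost=WS-01 fname=C:\\Users\\bob\\evil.exe "
          r"msg=Quarantine result\= ok act=quarantine")

if __name__ == "__main__":
    for ip in ("203.0.113.9", "157.90.227.118"):
        print(ip, "->", accept_event(ip, SAMPLE))
```

Run it as-is to see the first (non-allowlisted) line rejected and the second parsed, with the escaped backslashes in fname and the escaped equals sign in msg restored. Feeding your own forwarded events through parse_cef is a quick way to confirm that the SIEM side splits header and extension fields the way you expect before building detections on them.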
