To integrate the ESET PROTECT Syslog Collector, do the following:
Enable the ESET PROTECT Syslog Collector
Install the XDR Collector
Configure Syslog output in ESET PROTECT
Enable Syslog output for ESET PROTECT On-Prem
Enable remote Syslog output for ESET PROTECT Cloud
Open the port on the XDR Collector Host
Enable the ESET PROTECT Syslog Collector
In Barracuda XDR Dashboard, navigate to Administration > Integrations.
Select the Enabled check box.
Click Save.
Install the XDR Collector
If you haven't already set up the XDR Collector, do one of the following:
Configure Syslog On-Prem or Syslog Cloud output
Follow one of the procedures below:
Enable Syslog output for ESET PROTECT On-Prem
Enable remote Syslog output for ESET PROTECT Cloud
Enable Syslog output for ESET PROTECT On-Prem
In ESET PROTECT On-Prem, click More > Settings > Advanced Settings > Syslog Server.
Click the slider bar next to Enable Syslog.
Specify the following settings:
Host: IP Address of the XDR Collector host
Port number: 6514
Format: Syslog
Transport: TCP
Scroll to the Logging section.
Trace log verbosity: Informational
Export logs to Syslog toggle: Enabled
Exported logs format: JSON
Click Save.
Proceed to the Open the port on the XDR Collector Host procedure below.
Enable remote Syslog output for ESET PROTECT Cloud
In ESET PROTECT, navigate to More > Settings > Syslog Server.
Click the slider bar next to Enable Syslog.
Specify the following settings:
Format of payload: JSON
Format of the envelope: Syslog
Minimum log Level: Informational
Event types to log: Select All event types
Destination IP: IP Address of the XDR Collector host
Port number: 6514
Click Save.
Proceed to the Open the port on the XDR Collector Host procedure below.
Open the port on the XDR Collector Host
Ensure incoming traffic is allowed on TCP port 6514.
Linux
sudo ufw allow 6514/tcp
Windows
netsh advfirewall firewall add rule name="ESET PROTECT SYSLOG Events" dir=in action=allow protocol=TCP localport=6514
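To confirm that the firewall rule and the Syslog settings above line up, the following added example (not part of the original documentation or of any Barracuda or ESET tooling) can be run from the ESET PROTECT server: it opens a TCP connection to the XDR Collector host on port 6514 and sends one syslog line with a JSON payload. The function names, the source host name and the JSON fields are assumptions constructed for this test and are not ESET's event schema.

```python
import json
import socket
from datetime import datetime, timezone

COLLECTOR_PORT = 6514  # port set in ESET PROTECT and opened on the collector host


def build_test_message(source_host="eset-protect-test"):
    """Return one syslog-framed line carrying a JSON payload.

    The JSON fields are constructed for this test; they are not ESET's schema.
    """
    payload = json.dumps({"event_type": "connectivity_test", "severity": "Information"})
    timestamp = datetime.now(timezone.utc).strftime("%Y-%m-%dT%H:%M:%SZ")
    # <14> = facility user (1) * 8 + severity informational (6)
    return f"<14>1 {timestamp} {source_host} syslog-check - - - {payload}\n".encode()


def check_collector(host, port=COLLECTOR_PORT, timeout=5.0, send_test=True):
    """Classify reachability of the collector's TCP port.

    "open"     : connection accepted (test line sent when send_test is True)
    "refused"  : host reachable, but nothing listens there or a rule rejects it
    "filtered" : no answer before the timeout, typical of a firewall dropping packets
    "error: ..." : name resolution or routing problem
    """
    try:
        with socket.create_connection((host, port), timeout=timeout) as conn:
            if send_test:
                conn.sendall(build_test_message())
            return "open"
    except ConnectionRefusedError:
        return "refused"
    except socket.timeout:
        return "filtered"
    except OSError as exc:
        return f"error: {exc}"


if __name__ == "__main__":
    import sys
    target = sys.argv[1] if len(sys.argv) > 1 else "127.0.0.1"
    print(f"{target}:{COLLECTOR_PORT} -> {check_collector(target)}")
```

Pass the XDR Collector host's IP address as the first argument. A "filtered" result points at the firewall rule, while "refused" means the port is reachable but the collector is not listening on it; call `check_collector(host, send_test=False)` to test the port without delivering a test line.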