It seems like your browser didn't download the required fonts. Please revise your security settings and try again.
Barracuda XDR

Setting up ESET PROTECT Syslog Collector

  • Last updated on

To integrate the ESET PROTECT Syslog Collector, do the following:

  • Enable the ESET PROTECT Syslog Collector

  • Install the XDR Collector

  • Configure Syslog output in ESET PROTECT

    • Enable Syslog output for ESET PROTECT On-Prem

    • Enable remote Syslog output for ESET PROTECT Cloud

  • Open the port on the XDR Collector Host

Enable the ESET PROTECT Syslog Collector

  1. In Barracuda XDR Dashboard, navigate to Administration >  Integrations.

    ESET PROTECT COLLECTOR CARD.png

  2. Select the Enabled check box.

    ESETProtectCollectorEdit.png

  3. Click Save.

Install the XDR Collector

When collecting logs from one or more integrated data sources, always set up the XDR Collector on a dedicated host server. Don't use an existing server because the amount of data produced by logs can impact critical infrastructure.

Configure Syslog On-Prem or Syslog Cloud output

Follow one of the procedures below:

  • Enable Syslog output for ESET PROTECT On-Prem

  • Enable remote Syslog output for ESET PROTECT Cloud

Enable Syslog output for ESET PROTECT On-Prem
  1. In ESET PROTECT On-Prem, click More > Settings > Advanced Settings > Syslog Server.

  2. Click the slider bar next to Enable Syslog.

  3. Specify the following settings:

    • Host: IP Address of the XDR Collector host

    • Port number: 6514

    • Format: Syslog

    • Transport: TCP

  4. Scroll to the Logging section.

    • Trace log verbosity: Informational

    • Export logs to Syslog toggle: Enabled

    • Exported logs format: JSON

  5. Click Save.

  6. Proceed to the Open the port on the XDR Collector Host procedure below.

Enable remote Syslog output for ESET PROTECT Cloud

Remote Syslog requires a public static IP address for the XDR Collector host. See the links under Additional Details in order to whitelist the incoming source IP’s.

  1. In ESET PROTECT, navigate to More > Settings > Syslog Server.

  2. Click the slider bar next to Enable Syslog.

  3. Specify the following settings:

    • Format of payload: JSON

    • Format of the envelope: Syslog

    • Minimum log Level: Informational

    • Event types to log: Select All event types

    • Destination IP: IP Address of the XDR Collector host

    • Port number: 6514

  4. Click Save.

  5. Proceed to the Open the port on the XDR Collector Host procedure below.

Open the port on the XDR Collector Host

Ensure incoming traffic is allowed on TCP port 6514.

Linux

udo ufw allow 6514/tcp

Windows

netsh advfirewall firewall add rule name="ESET PROTECT SYSLOG Events" dir=in action=allow protocol=TCP localport=6514