Emsisoft’s Syslog integration allows you to forward security-related events to an external Security Information and Event Management (SIEM) server. Use this feature for centralized monitoring and log aggregation from multiple data sources. Any Syslog-compatible server can be used, e.g. Splunk Connect for Syslog.
Syslog integration setup
Navigate to the ‘Settings’ page of your Emsisoft workspace and scroll down to ‘Integrations’.
1. Add a new integration configuration.
2. Select the event types that you wish to receive.
3. Select ‘Syslog’ in the ‘How’ dropdown box.
4. Enter the hostname or IP address of your Syslog-compatible server in the ‘Host’ field and specify the port on which it receives data.
5. Click ‘OK’ to enable the integration.
Data is always streamed over a TLS-secured connection.
The only supported data format is CEF (Common Event Format).
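As an added illustration (not Emsisoft's code; the two sample records are constructed, with placeholder vendor, product and field values rather than real Emsisoft output), the Python parser below shows how a receiving SIEM turns such CEF lines into structured events, including the format's escaping rules: a backslash escapes '|' and '\' in the header, and '=' and '\' in the extension.

```python
import re
from typing import Dict, List

# Constructed sample lines for illustration only: vendor, product and field values are
# placeholders, not real Emsisoft output. Line 1 carries a syslog header; line 2 is bare CEF.
SAMPLE_LINES: List[str] = [
    r"<134>1 2024-03-05T10:15:30Z mgmt.example.net workspace - - - "
    r"CEF:0|ExampleVendor|ExampleAV|1.0|100|Malware detected|8|"
    r"src=10.0.0.5 dvchost=WS-01 fname=C:\\Users\\a\\evil.exe msg=Quarantined\=yes act=quarantine",
    r"CEF:0|Example\|Vendor|ExampleAV|1.0|200|Policy change|3|suser=admin msg=Setting changed",
]
HEADER_FIELDS = ["version", "vendor", "product", "device_version",
                 "event_class_id", "name", "severity"]
# An extension key is key characters followed by '=' at the start or after whitespace,
# so an escaped '\=' inside a value never starts a new key.
_KEY_RE = re.compile(r"(?:^|\s)([A-Za-z0-9_.]+)=")

def _split_header(text: str):
    # Split the seven header fields on unescaped '|', turning '\|' and '\\' back into '|' and '\'.
    fields, cur, i = [], [], 0
    while i < len(text) and len(fields) < 7:
        ch = text[i]
        if ch == "\\" and i + 1 < len(text):
            cur.append(text[i + 1]); i += 2
        elif ch == "|":
            fields.append("".join(cur)); cur = []; i += 1
        else:
            cur.append(ch); i += 1
    return fields, text[i:]  # whatever follows the seventh '|' is the extension

def _unescape_ext(value: str) -> str:
    # Extension escaping: '\=' -> '=', '\\' -> '\', and '\n' / '\r' -> newline / carriage return.
    return re.sub(r"\\(.)", lambda m: {"n": "\n", "r": "\r"}.get(m.group(1), m.group(1)), value)

def parse_cef(line: str) -> Dict[str, object]:
    # Parse one received line (with or without a syslog header) into an event dict.
    start = line.find("CEF:")
    if start < 0:
        raise ValueError("no CEF header in line")
    header, extension = _split_header(line[start + 4:])
    if len(header) != 7:
        raise ValueError(f"expected 7 CEF header fields, got {len(header)}")
    event: Dict[str, object] = dict(zip(HEADER_FIELDS, header))
    event["severity"] = int(header[6]) if header[6].isdigit() else header[6]  # 0-10 or Low..Very-High
    matches = list(_KEY_RE.finditer(extension))
    ends = [m.start() for m in matches[1:]] + [len(extension)]  # each value runs to the next key
    event["extension"] = {m.group(1): _unescape_ext(extension[m.end():e]) for m, e in zip(matches, ends)}
    return event
```

Feeding the parsed severity and extension fields into your SIEM's alerting rules is what makes the forwarded events actionable rather than just stored.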
Allow traffic in firewall
Please make sure that your Syslog server can be reached from Emsisoft’s infrastructure. The following IP addresses need to be allowed in your firewall configuration:
Note: In a future release we will add support for client certificates, so you can restrict access to your Syslog server even further with explicit client authentication.