Syslog servers
Log concentrator servers, or more simply syslog servers, allow you to centralise all the technical information from your switches, firewalls, servers, etc. They are essential components of the main security frameworks (NIS2, ISO27000, etc.). Without the complexity of a SIEM, Esia's syslog server allows you to quickly set up the concentrator and link your Esia nodes to the logs received.
In order to reduce/distribute the load, there is nothing to prevent you from linking several Syslog servers to an Esia Heimdall/Mercury.


Configuration
After installing your Syslog server and establishing the connection, you can simply link your Esia nodes with the name or IP address of the machine sending the logs. This link is automatic if the names are identical on your Esia and your log sink.

Retention period
As Syslog servers generate a lot of data, you can configure them to automatically purge this data.

Alert rules
Rules can be applied to centralise log reports according to severity levels in your ESIA interface.

The rules you have created are displayed in your interface, along with essential information:
- Last sent
- Syslog message content
- Number of matches before sending the alert
- Reception interval

All logs
All Syslog logs are displayed in your ESIA interface:
- The date
- The issuer
- Severity
- The facility
- The message
Thanks to Esia's renowned ‘tablesorter’, you can easily sort/use your data.

Clear vision
In addition to log reports, ESIA provides you with essential information to ensure the proper functioning of your Syslog servers.

Information about your servers is always available in several ways in ESIA, including in graph form.
