In this example, one is notified of important events through a SMTP action. Incoming Syslog messages from host 10.10.10.50 are logged to a FILE action, and entries from the security event log are sent to a Linux host with IP address 10.10.10.15.
1. Setting up the Syslog Daemon
To activate the EventSentry Syslog Daemon, either check the UDP or TCP check box in the main configuration screen and then add the authorized IP address to the network. In the Authorized IP Addresses window add the IP address 10.10.10.50 to the list of allow remote Syslog hosts and configure the event log settings as explained below. For more information on the Syslog daemon configuration see "Configuring Syslog".
After you configured the main Syslog options, click the "Syslog to Event Log" tab to enable the Syslog daemon to write to the Windows event log:
The Severity Mapping can be adjusted to match your needs, the screenshot above shows the default configuration. After setting up the Syslog daemon we will setup the actions and filters.
2. Add an SMTP Action
All filters that are going to use this action will send event log entries through the mail server mail.netikus.net sent from firstname.lastname@example.org to email@example.com.
3. Add a FILE Action
All filters that are going to use this action will log event log entries to the file d:\eventsentry\eventsentry_syslog.csv.
4. Add a Syslog Action
All filters that are using this action will send event log entries to host 10.10.10.15.
The "Installed Targets" list should then look like this (the order is not relevant):
5. Add an Include Filter for the SMTP Action
This filter will log Warning, Error and Audit Failure event log messages from the Application, Security and System event log to the action SMTP Action.
6. Add an Include Filter for the Syslog Action
This filter will send all entries from the Security event log to the host defined in action Syslog Action.
7. Add an Include Filter for the FILE Action
This filter will write all entries logged by the EventSentry Syslog daemon to the file specified in the CSV Syslog Target. Since all messages logged by the EventSentry Syslog daemon come from the source EventSentry with event ID 9999 and event category "Syslog" (see the Syslog chapter) we will need to configure the filter accordingly.
This completes the configuration and the Installed Filters list should look like this: