Example 3: SMTP, FILE and SYSLOG Action, SYSLOG Daemon


In this example, important events trigger a notification through an SMTP action, incoming Syslog messages from host 10.10.10.50 are written to a file through a FILE action, and entries from the Security event log are forwarded through a Syslog action to a Linux host with IP address 10.10.10.15.


1. Setting up the Syslog Daemon

To activate the EventSentry Syslog Daemon, check the UDP and/or TCP check box in the main configuration screen, then restrict which hosts may send to it. In the Authorized IP Addresses window, add the IP address 10.10.10.50 to the list of allowed remote Syslog hosts and configure the event log settings as explained below. For more information on the Syslog daemon configuration see "Configuring Syslog".

[Screenshot: clip0219]

After you have configured the main Syslog options, click the "Syslog to Event Log" tab to enable the Syslog daemon to write received messages to the Windows event log:

[Screenshot: clip0220]

The Severity Mapping can be adjusted to match your needs; the screenshot above shows the default configuration. After setting up the Syslog daemon we will set up the actions and filters.


2. Add an SMTP Action

All filters that use this action will send event log entries through the mail server mail.netikus.net, from eventsentry@netikus.net to eventsentry@netikus.net.

[Screenshot: clip0207]

3. Add a FILE Action

All filters that use this action will write event log entries to the file d:\eventsentry\eventsentry_syslog.csv.

[Screenshot: clip0218]

4. Add a Syslog Action

All filters that use this action will send event log entries to the Syslog host 10.10.10.15.

[Screenshot: clip0221]

The "Installed Targets" list should then look like this (the order is not relevant):

[Screenshot: clip0222]

5. Add an Include Filter for the SMTP Action

This filter will forward Warning, Error and Audit Failure entries from the Application, Security and System event logs to the SMTP Action.

[Screenshot: clip0223]

6. Add an Include Filter for the Syslog Action

This filter will send all entries from the Security event log to the host defined in the Syslog Action.

[Screenshot: clip0224]

7. Add an Include Filter for the FILE Action

This filter will write all entries logged by the EventSentry Syslog daemon to the file specified in the CSV Syslog Target (the FILE action added in step 3). Since all messages logged by the EventSentry Syslog daemon come from the source EventSentry with event ID 9999 and event category "Syslog" (see the Syslog chapter), the filter must match on exactly those values.

[Screenshot: clip0225]

This completes the configuration and the Installed Filters list should look like this:

[Screenshot: clip0226]
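The following script is an added example and is not part of the EventSentry documentation or product; it is a small test harness for checking the two remote ends of this configuration. It assumes (the page does not state the wire format) that the EventSentry Syslog daemon accepts BSD-style RFC 3164 messages over UDP port 514 and that the Syslog action forwards entries in the same format. Run it in "send" mode on host 10.10.10.50 to push a constructed test message at the EventSentry Syslog daemon (which should then appear in the Windows event log as source EventSentry, event ID 9999, category "Syslog", and end up in the CSV file through step 7), and in "listen" mode on the Linux host 10.10.10.15 to receive the Security event log entries the Syslog action forwards. Each received message's PRI value is decoded into facility and severity so it can be compared with the Severity Mapping from step 1. The host names, tag and message text are placeholders.

```python
"""Constructed helper for end-to-end checking of an EventSentry Syslog setup.

send mode   : emulate the authorized remote host (10.10.10.50 in the example)
              and send one RFC 3164 message to the EventSentry Syslog daemon.
listen mode : emulate the Linux target (10.10.10.15 in the example) and print
              the messages the Syslog action forwards, with PRI decoded.

Assumptions (not taken from the EventSentry documentation): RFC 3164 framing,
UDP port 514, and placeholder host addresses.
"""
import re
import socket
import sys
import time

# Facility (0..23) and severity (0..7) names as listed in RFC 3164 / RFC 5424.
FACILITIES = ["kern", "user", "mail", "daemon", "auth", "syslog", "lpr", "news",
              "uucp", "cron", "authpriv", "ftp", "ntp", "audit", "alert", "clock",
              "local0", "local1", "local2", "local3", "local4", "local5", "local6",
              "local7"]
SEVERITIES = ["emerg", "alert", "crit", "err", "warning", "notice", "info", "debug"]
MONTHS = ["Jan", "Feb", "Mar", "Apr", "May", "Jun",
          "Jul", "Aug", "Sep", "Oct", "Nov", "Dec"]

# <PRI>TIMESTAMP HOSTNAME TAG[pid]: message   (TAG is at most 32 characters)
_SYSLOG_RE = re.compile(
    r"^<(?P<pri>\d{1,3})>"
    r"(?P<ts>[A-Z][a-z]{2} [ \d]\d \d\d:\d\d:\d\d) "
    r"(?P<host>\S+) "
    r"(?P<tag>[^\s:\[]{1,32})(?:\[(?P<pid>\d+)\])?:? ?"
    r"(?P<msg>.*)$", re.DOTALL)


def encode_pri(facility: int, severity: int) -> int:
    """RFC 3164 PRI is facility * 8 + severity."""
    if not (0 <= facility <= 23 and 0 <= severity <= 7):
        raise ValueError("facility must be 0..23 and severity 0..7")
    return facility * 8 + severity


def decode_pri(pri: int) -> tuple:
    """Split a PRI value back into (facility, severity)."""
    if not 0 <= pri <= 191:
        raise ValueError("PRI out of range: %d" % pri)
    return pri // 8, pri % 8


def build_message(facility: int, severity: int, hostname: str, tag: str,
                  text: str, timestamp: str = None) -> bytes:
    """Build one BSD syslog line; the day of month is space padded as in RFC 3164."""
    if timestamp is None:
        t = time.localtime()
        timestamp = "%s %2d %02d:%02d:%02d" % (MONTHS[t.tm_mon - 1], t.tm_mday,
                                               t.tm_hour, t.tm_min, t.tm_sec)
    line = "<%d>%s %s %s: %s" % (encode_pri(facility, severity), timestamp,
                                 hostname, tag, text)
    # RFC 3164 messages are US-ASCII and at most 1024 bytes per packet.
    return line.encode("ascii", "replace")[:1024]


def parse_message(data: bytes) -> dict:
    """Parse a received datagram into its fields, with PRI decoded to names."""
    m = _SYSLOG_RE.match(data.decode("ascii", "replace"))
    if not m:
        raise ValueError("not an RFC 3164 syslog line: %r" % data[:64])
    pri = int(m.group("pri"))
    facility, severity = decode_pri(pri)
    return {"pri": pri, "facility": facility, "facility_name": FACILITIES[facility],
            "severity": severity, "severity_name": SEVERITIES[severity],
            "timestamp": m.group("ts"), "hostname": m.group("host"),
            "tag": m.group("tag"), "pid": m.group("pid"), "message": m.group("msg")}


def send_test_message(target_host: str, text: str, port: int = 514,
                      facility: int = 16, severity: int = 6,
                      hostname: str = "10.10.10.50", tag: str = "evtest") -> bytes:
    """Send one constructed message (default local0.info) and return the bytes sent."""
    payload = build_message(facility, severity, hostname, tag, text)
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.sendto(payload, (target_host, port))
    return payload


def listen(bind_addr: str = "0.0.0.0", port: int = 514, count: int = 1,
           timeout: float = 60.0) -> list:
    """Receive up to `count` forwarded messages and return them parsed."""
    received = []
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.bind((bind_addr, port))
        s.settimeout(timeout)
        while len(received) < count:
            data, peer = s.recvfrom(2048)
            entry = parse_message(data)
            entry["peer"] = peer[0]          # should be the EventSentry host
            received.append(entry)
    return received


if __name__ == "__main__":
    # usage: script.py send <eventsentry-host>   |   script.py listen [count]
    if len(sys.argv) >= 3 and sys.argv[1] == "send":
        print(send_test_message(sys.argv[2], "EventSentry syslog daemon self-test"))
    elif len(sys.argv) >= 2 and sys.argv[1] == "listen":
        for e in listen(count=int(sys.argv[2]) if len(sys.argv) > 2 else 1):
            print("%s %s.%s %s %s: %s" % (e["peer"], e["facility_name"],
                  e["severity_name"], e["hostname"], e["tag"], e["message"]))
```

Binding port 514 in listen mode requires root or CAP_NET_BIND_SERVICE on the Linux host; if the forwarded entries are expected but nothing arrives, check the Syslog action's port and the host firewall before suspecting the filter in step 6. In send mode, a message that reaches the daemon but never shows up in the Windows event log usually means the sender's address is missing from the Authorized IP Addresses list configured in step 1.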