Syslog Daemon

<< Click to Display Table of Contents >>

Navigation:  Monitoring with EventSentry > Network Services >

Syslog Daemon

EventSentry can emulate a Unix / Linux Syslog server which enables it to receive Syslog messages from remote Syslog-enabled hosts and devices. The Syslog daemon supports UDP, TCP and TCP+TLS connections and you can either log incoming Syslog messages to the application event log or store them in a database.


To activate the Syslog daemon, check one of the check boxes in the Syslog Daemons section on the "General" tab and configure either the database or event log feature.



Syslog Daemons

You can configure the Syslog daemon to accept UDP and TCP connections from remote Syslog-capable devices. To activate either protocol, check the appropriate check box. The default port for the Syslog protocol is 514, but you can change the port for UDP and TCP connections by adjusting the number.



Automatically creates a self-signed certificate file the first time the feature is enabled to facility TLS communication. Creates the following files:



%SYSTEMROOT%\system32\eventsentry\secure\es_network_svc.pem (public certificate for distribution)


The public PEM file can be copied to remote Syslog clients that require this file in order to trust the self-signed certificate file.


Threshold Settings

To limit the number of Syslog messages that are processed by the Syslog daemon, change the maximum number of messages and the applicable time period. The Syslog daemon will drop incoming packets if the count exceeds the number specified in Maximum number of allowed messages for the configure Time Period.


Authorized IP Addresses / Networks

For enhanced security you will have to specify from which hosts the Syslog daemon will accept packets. Please note that host names are not allowed in the list, you can only specify IP addresses.


You can enter IP addresses with or without specifying the subnet bits. For example, if you only want to add two servers with the IP addresses and, simply add those two IP addresses to the list.


If you want to allow a whole subnet, for example the IP addresses -, then you will have to add If you only want to allow the range - then you can specify



The EventSentry Syslog daemon works with every Unix Syslog daemon (any Linux, Solaris, OSX, ...) and network devices that support the Syslog RFC 3164 protocol.