This article provides a step-by-step process on configuring GFI EventsManager to receive Syslog messages.
GFI EventsManager is designed to act as a Syslog server and receive Syslog events from various devices including Cisco PIX firewall. In order to use GFI EventsManager as a Syslog server, you must configure the Cisco PIX firewall and similar devices to send Syslog messages directly to the machine that is running GFI EventsManager.
By default, GFI EventsManager will listen for Syslog messages on port 514. Therefore, you must make sure that this port is not being used by other applications. The port on which GFI EventsManager listens for Syslog messages is configurable through the management console.
To enable GFI EventsManager to collect Syslog events you need to:
- Bring up the (computer/computer group) properties dialog.
- Click on the Syslog tab.
- To enable the Syslog server and listen for messages sent by the computer in a computer group, select the option 'The computer specified in this group will send Syslog events'.
- How can I verify that GFI EventsManager can receive Syslog events?
- How to create custom Syslog rule sets for non-supported devices?
- How to create custom Syslog rules based on RAW data?
- For which applications and devices, does GFI EventsManager provide pre-configured processing rules?