GFI EventsManager is designed to act as a Syslog server and receive Syslog events from various devices including Cisco PIX firewall. In order to use GFI EventsManager as a Syslog server, you must configure Cisco PIX firewall and similar devices to send Syslog messages directly to the machine that is running GFI EventsManager.
By default GFI EventsManager will listen for Syslog messages on port 514, therefore you must make sure that this port is not being used by other applications. The port on which GFI EventsManager listens for Syslog messages is configurable through the management console.
To enable GFI EventsManager to collect Syslog events you need to:
- Bring up the (computer/computer group) properties dialog
- Click on the Syslog tab
- To enable the syslog server and listen for messages sent by the computers in a computer group, select the option The computers specified in this group will send Syslog events