Syslog


EventSentry can emulate a Unix / Linux syslog server. It listens on UDP port 514 and logs incoming syslog packets to the Application event log (with EventID 9999, Source EventSentry, Category Syslog).

 

To activate the syslog daemon, click (or double-click, see usability) the Syslog Daemon object in the left pane and activate the Enable Syslog Daemon checkbox.

 


Because UDP is a connectionless protocol, the syslog feature is quite insecure. For example, an intruder could launch a DoS attack by sending thousands of messages in an attempt to fill your servers' event logs.

 

To limit this and other risks, please read the following chapters carefully if you plan to use the syslog feature.
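As an added illustration of the flooding risk described above (this is not EventSentry code and does not describe EventSentry's own controls), the sketch below validates the syslog priority header and caps the number of messages accepted per sender before they would be logged. The names parse_pri, SourceLimiter and triage, and the sample datagrams, are assumptions made for this example.

```python
import re
from collections import Counter

PRI_RE = re.compile(rb"^<(\d{1,3})>")   # syslog header: "<PRI>" then the message text

def parse_pri(datagram: bytes):
    """Return (facility, severity), or None when the PRI header is missing or out of range."""
    m = PRI_RE.match(datagram)
    if m is None or int(m.group(1)) > 191:   # 191 = facility 23, severity 7
        return None
    pri = int(m.group(1))
    return pri // 8, pri % 8

class SourceLimiter:
    """Fixed-window limit: at most `limit` messages per sender per `window` seconds."""
    def __init__(self, limit: int, window: float = 1.0):
        self.limit, self.window = limit, window
        self.counts = Counter()              # (sender, window index) -> messages seen

    def allow(self, sender: str, ts: float) -> bool:
        key = (sender, int(ts // self.window))
        self.counts[key] += 1
        return self.counts[key] <= self.limit

def triage(datagrams, limiter):
    """Return (accepted messages, Counter of drops per sender)."""
    accepted, dropped = [], Counter()
    for ts, sender, payload in datagrams:
        pri = parse_pri(payload)
        if pri is None or not limiter.allow(sender, ts):
            dropped[sender] += 1             # malformed or over the per-sender limit
        else:
            accepted.append((sender, pri, payload))
    return accepted, dropped

# Constructed sample traffic (documentation addresses, not captured data):
# one quiet router, and one host sending 100 messages within a single second.
SAMPLE = [(0.0, "192.0.2.10", b"<189>router: interface up")]
SAMPLE += [(i / 100, "192.0.2.66", b"<13>noise %d" % i) for i in range(100)]
SAMPLE += [(2.0, "192.0.2.10", b"<189>router: config saved"),
           (2.0, "192.0.2.66", b"no PRI header")]

if __name__ == "__main__":
    ok, drops = triage(SAMPLE, SourceLimiter(limit=10))
    print(len(ok), "accepted;", dict(drops))
```

Because UDP source addresses are not verified, a per-sender cap only bounds what each claimed address can write; it works best together with filtering which hosts can reach UDP port 514.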

 

Sending the syslog options to remote computers

To send the syslog configuration to all computers in a particular group, simply right-click the Syslog Daemon node and select the appropriate group in the Send To submenu.

 

Compatibility

The EventSentry syslog daemon should work well with every Unix syslog daemon (any Linux, Solaris, OSX, ...) and with network devices that support the syslog protocol (e.g. Cisco routers and switches). It has been successfully tested with the following operating systems:

 

Linux© (RedHat©, SUSE©)
BSD (OpenBSD)
Sun© Solaris 8
Apple© OSX 10.3
Various Cisco devices

 

(This does not mean that the syslog daemon works only with the operating systems listed above; these are simply the ones we have tested successfully.)