How to forward Endpoint Manager audit logs to external server e.g. SIEM tool

Release Time
07/23/2020
Views
1753 times


Click 'Settings' > 'Portal Set-Up' > 'Logging Settings'

  • The logs forwarding feature is available only to customers on request. Please contact your account manager if you want this feature enabled for your account.
     
  • The 'Logging Settings' tab lets you specify a syslog server to which EM should forward its audit logs
     
  • For example, you can use this setting to integrate your logs with a security intelligence and event management (SIEM) tool.
     
  • Note - This setting forwards the portal logs, not the endpoint logs.
     
  • You can also view and generate EM audit log reports at 'Dashboard' > 'Audit Logs' interface. See this wiki if you need help to do this.

Configure logging settings

  • Login to Comodo One / Dragon
     
  • Click 'Applications' > 'Endpoint Manager'
     
  • Click 'Settings' on the left then 'Portal Set-Up'
     
  • Click the 'Logging Settings' tab


 

  • Click the ‘Edit’ on the right:


 

  • Write to syslog server – Select to enable log forwarding
     
    • Host – Enter IP or hostname of the syslog server
       
    • Port – The port through which the server listens to EM logs
       
  • Click ‘Save’ to apply your settings