How to forward Endpoint Manager audit logs to external server e.g. SIEM tool
Views
1695 times
Click 'Settings' > 'Portal Set-Up' > 'Logging Settings'
- The logs forwarding feature is available only to customers on request. Please contact your account manager if you want this feature enabled for your account.
- The 'Logging Settings' tab lets you specify a syslog server to which EM should forward its audit logs
- For example, you can use this setting to integrate your logs with a security intelligence and event management (SIEM) tool.
- Note - This setting forwards the portal logs, not the endpoint logs.
- You can also view and generate EM audit log reports at 'Dashboard' > 'Audit Logs' interface. See this wiki if you need help to do this.
Configure logging settings
- Login to Comodo One / Dragon
- Click 'Applications' > 'Endpoint Manager'
- Click 'Settings' on the left then 'Portal Set-Up'
- Click the 'Logging Settings' tab
- Click the ‘Edit’ on the right:
- Write to syslog server – Select to enable log forwarding
- Host – Enter IP or hostname of the syslog server
- Port – The port through which the server listens to EM logs
- Host – Enter IP or hostname of the syslog server
- Click ‘Save’ to apply your settings
CONTACT US
Call now! 
(973) 859 4000 ext 3025
(973) 859 4000 ext 3025
---