ESET Remote Administrator

 

The JSA DSM for ESET Remote Administrator collects logs from ESET Remote Administrator.

The following table describes the specifications for the ESET Remote Administrator DSM:

Table 1: ESET Remote Administrator DSM Specifications

| Specification | Value |
| --- | --- |
| Manufacturer | ESET |
| DSM name | ESET Remote Administrator |
| RPM file name | DSM-ESETRemoteAdministrator-JSA_version-build_number.noarch.rpm |
| Supported versions | 6.4.270 |
| Protocol | Syslog |
| Event format | Log Extended Event Format (LEEF) |
| Recorded event types | Threat; Firewall aggregated; Host Intrusion Protection System (HIPS) aggregated; Audit |
| Automatically discovered? | Yes |
| Includes identity? | Yes |
| Includes custom properties? | No |
| More information | ESET website (https://www.eset.com/us/support/download/business/remote-administrator-6) |

To integrate ESET Remote Administrator with JSA, complete the following steps:

  1. If automatic updates are not enabled, download and install the most recent version of the following RPMs in the order that they are listed, on your JSA console:

    • DSMCommon RPM

    • ESET Remote Administrator DSM RPM

  2. Configure your ESET Remote Administrator server to send LEEF formatted syslog events to JSA.

  3. If JSA does not automatically detect the log source, add an ESET Remote Administrator log source on the JSA console. The following table describes the parameters that require specific values for ESET Remote Administrator event collection:

    Table 2: ESET Remote Administrator Log Source Parameters

    | Parameter | Value |
    | --- | --- |
    | Log Source type | ESET Remote Administrator |
    | Protocol Configuration | Syslog |
    | Log Source Identifier | The IP address or host name of the ESET Remote Administration server. |

  4. To check that JSA parses the events correctly, review the following sample event message.

    The following table shows a sample event message from ESET Remote Administrator:

    Table 3: ESET Remote Administrator Sample Message

    Event name: Native user login

    Low level category: User Login Success

    Sample log message:

    <14>1 2016-08-15T14:52:31.888Z hostname ERAServer 28021 - - LEEF:1.0|ESET|RemoteAdministrator|6.5.198.0|Native user login|cat=ESET RA Audit Event sev=2 devTime=Aug 15 2016 14:52:31 devTimeFormat=MMM dd yyyy HH:mm:ss src=127.0.0.1 domain=Native user action=Login attempt target=username detail=Native user 'username' attempted to authenticate. result=Success
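
To go with step 4, the following added example (not taken from the JSA or ESET documentation) splits the sample message into its LEEF header fields and attributes, so the values can be compared with what JSA shows for the event. It assumes the stray spaces in the rendered sample are table-wrapping artifacts and that `devTimeFormat` uses Java date-pattern letters; `parse_leef` and `dev_time` are illustrative names.

```python
import re
from datetime import datetime

# The page's sample message with the stray table-wrapping spaces removed (assumption).
# Attributes are space-separated as rendered on the page; LEEF 1.0 senders use tabs.
SAMPLE = ("<14>1 2016-08-15T14:52:31.888Z hostname ERAServer 28021 - - "
          "LEEF:1.0|ESET|RemoteAdministrator|6.5.198.0|Native user login|"
          "cat=ESET RA Audit Event sev=2 devTime=Aug 15 2016 14:52:31 "
          "devTimeFormat=MMM dd yyyy HH:mm:ss src=127.0.0.1 domain=Native user "
          "action=Login attempt target=username "
          "detail=Native user 'username' attempted to authenticate. result=Success")

# Java date-pattern tokens seen in devTimeFormat -> strptime directives.
JAVA_TO_STRPTIME = [("yyyy", "%Y"), ("MMM", "%b"), ("dd", "%d"),
                    ("HH", "%H"), ("mm", "%M"), ("ss", "%S")]

def parse_leef(line):
    """Split a syslog line carrying LEEF 1.0 into header fields and attributes."""
    start = line.find("LEEF:")
    if start < 0:
        raise ValueError("no LEEF header found")
    parts = line[start:].split("|", 5)
    if len(parts) != 6:
        raise ValueError("LEEF 1.0 header needs 5 pipe-delimited fields")
    version, vendor, product, prod_version, event_id, body = parts
    event = {"leef_version": version.split(":", 1)[1], "vendor": vendor,
             "product": product, "product_version": prod_version,
             "event_id": event_id}
    if "\t" in body:  # standard LEEF 1.0 delimiter
        pairs = (p.split("=", 1) for p in body.split("\t") if "=" in p)
    else:  # space-delimited rendering: a value runs until the next " key="
        keys = list(re.finditer(r"(?:^|\s)(\w+)=", body))
        ends = [m.start() for m in keys[1:]] + [len(body)]
        pairs = ((m.group(1), body[m.end():e]) for m, e in zip(keys, ends))
    event["attrs"] = {k.strip(): v.strip() for k, v in pairs}
    return event

def dev_time(event):
    """Parse devTime using the event's own devTimeFormat."""
    fmt = event["attrs"]["devTimeFormat"]
    for java, py in JAVA_TO_STRPTIME:
        fmt = fmt.replace(java, py)
    return datetime.strptime(event["attrs"]["devTime"], fmt)

if __name__ == "__main__":
    ev = parse_leef(SAMPLE)
    print(ev["event_id"], ev["attrs"]["result"], dev_time(ev).isoformat())
```

The space-delimited fallback treats any ` word=` inside a value as the start of a new attribute, so it is only suitable for inspecting rendered samples like this one; tab-delimited input from the server does not have that ambiguity.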