Forward logs from Endpoint Central to your SIEM via Syslog!

Hello everyone,

Syslog support is here! Endpoint Central now enables audit log forwarding to syslog using the standardized RFC 5424 format. If you're using a SIEM platform (such as Splunk, QRadar, LogRhythm, etc.), you can now seamlessly centralize your Endpoint Central console logs.


How you can get started:

You can configure syslog forwarding from the Endpoint Central product console in just a few steps. For full instructions, check out our guide here.

After this, you can head over to your SIEM tool and configure syslog as an input. Some SIEM tools that support integrating with syslog include:

  • Splunk

  • IBM QRadar

  • LogRhythm

  • ArcSight

  • Graylog

  • SolarWinds Log Analyzer

  • Rapid7 InsightIDR

  • Microsoft Sentinel

  • RSA NetWitness

  • Securonix

  • ElasticSIEM (ELK)

  • Exabeam

  • or any custom syslog server!

Once this is done, Endpoint Central audit logs will be seamlessly streamed to your SIEM tool. This integration is currently supported for on-premises deployments of Endpoint Central. Learn more about the benefits here.


What it means for you:

With this integration, you can:

  • Monitor admin and technician activities

  • Detect insider threats or unintentional misconfigurations

  • Make compliance reporting easier


As always, let us know your thoughts and suggestions below!