Download and execute the tool on the EPS server from which the data needs to be pushed. After executing the tool, provide the connection details of the SIEM server (syslog server address, port and protocol), set the schedule for pushing the data, and select the events whose data will be pushed to the SIEM server. You can then view the event logs on the configured SIEM server.
To install SyslogAgent tool, follow these steps.
Download the SyslogAgent tool from the following link: https://dlupdate.quickheal.com/builds/seqrite/760/en/SyslogAgent/SQSYSAGINST.EXE
Execute the SQSYSAGINST.EXE file. The SyslogAgent tool is installed.
To push the events data to the SIEM server, follow these steps.
Execute the SQSYSAGINST.EXE file. The SyslogAgent Configuration window appears. Set the Syslog server configuration and the event selection in this window.
Enter the Syslog Server IP address or URL.
Enter the Syslog Server port number.
Enter the Max Record Limit. This caps the number of records pushed to the SIEM server.
Select a Schedule Time from the list. Records are pushed as per the selected schedule time.
Select the Protocol, either UDP or TCP. Note that syslog over UDP has no delivery guarantee: events sent while the SIEM is unreachable are silently lost, so prefer TCP where the SIEM accepts it. Neither option encrypts the traffic, so keep the path between the EPS server and the SIEM on a trusted management network.
Select the Start Date with the calendar control.
Select the Data format, either LEEF or CEF. Note: Only the LEEF (Log Event Extended Format) and CEF (Common Event Format) data formats are supported.
In the Event Selection section, select the events as required.
Click Apply. A configuration success message appears. The SyslogAgent service then starts automatically and pushes data as per the set schedule.
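Once the schedule has fired, the quickest way to confirm that the forwarded events are usable is to parse a few received lines on the SIEM side and check that the CEF or LEEF header and the key=value fields come out intact. The following parser is an added example written for this page; it is not part of the SyslogAgent tool or of any Seqrite code, and the sample lines, vendor/product strings and event IDs in it are constructed placeholders, not captured EPS output. It handles the escape rules of both formats (backslash-escaped pipes in the header, escaped equals signs and doubled backslashes in values, and the LEEF 2.0 delimiter field, including its hex form such as x09), which are the details most likely to go wrong when a SIEM parser is configured by hand.

```python
"""Receiving-side sanity check for CEF and LEEF syslog payloads (added example)."""
import re
from typing import Dict, List

# Constructed sample lines (syslog PRI + timestamp + host + payload); written for
# this example, not captured Seqrite output. Vendor/product/event fields are placeholders.
SAMPLE_LINES = [
    # CEF: header pipes escaped as \|, '=' in a value escaped as \=, backslashes doubled
    "<14>Jan 10 10:00:00 EPS-SERVER CEF:0|Seqrite|Endpoint Security|7.60|1001|"
    "Virus Detected \\| Quarantined|8|src=10.0.0.5 suser=DOMAIN\\\\alice "
    "fname=C:\\\\Temp\\\\a.exe msg=action\\=quarantine ok",
    # LEEF 2.0: the sixth header field names the attribute delimiter ('^' here)
    "<14>Jan 10 10:00:01 EPS-SERVER LEEF:2.0|Seqrite|Endpoint Security|7.60|1001|^|"
    "src=10.0.0.5^cat=Virus Detected^usrName=alice",
    # LEEF 1.0: no delimiter field, attributes separated by tabs
    "<14>Jan 10 10:00:02 EPS-SERVER LEEF:1.0|Seqrite|Endpoint Security|7.60|1002|"
    "src=10.0.0.6\tcat=Device Control",
]

_KEY = re.compile(r"(?:^|\s)([A-Za-z0-9_.\-]+)=")  # start of a CEF extension key


def _unescape(value: str) -> str:
    """Resolve backslash escapes: \\n and \\r become control chars, any other \\X becomes X."""
    return re.sub(r"\\(.)", lambda m: {"n": "\n", "r": "\r"}.get(m.group(1), m.group(1)), value)


def _split_escaped(text: str, sep: str, maxsplit: int) -> List[str]:
    """Split on `sep` while honouring backslash escapes. The first `maxsplit`
    fields are unescaped; whatever follows the last separator is returned raw."""
    fields, cur, i = [], [], 0
    while i < len(text):
        if len(fields) == maxsplit:
            cur.append(text[i:])
            break
        ch = text[i]
        if ch == "\\" and i + 1 < len(text):
            cur.append(text[i + 1])
            i += 2
        elif ch == sep:
            fields.append("".join(cur))
            cur = []
            i += 1
        else:
            cur.append(ch)
            i += 1
    fields.append("".join(cur))
    return fields


def _parse_cef_extension(ext: str) -> Dict[str, str]:
    """CEF extension: space-separated key=value pairs whose values may contain
    spaces, so a value runs until the next ' key=' token."""
    hits = list(_KEY.finditer(ext))
    out: Dict[str, str] = {}
    for n, m in enumerate(hits):
        end = hits[n + 1].start() if n + 1 < len(hits) else len(ext)
        out[m.group(1)] = _unescape(ext[m.end():end])
    return out


def parse_event(line: str) -> dict:
    """Parse one syslog line carrying a CEF or LEEF payload into a dict."""
    m = re.search(r"\b(CEF|LEEF):", line)
    if not m:
        raise ValueError("no CEF/LEEF payload found")
    body = line[m.start():]
    version = body.split("|", 1)[0].split(":", 1)[1]
    if m.group(1) == "CEF":
        # CEF:Version|Vendor|Product|Version|SignatureID|Name|Severity|Extension
        f = _split_escaped(body, "|", 7)
        if len(f) != 8:
            raise ValueError("malformed CEF header")
        return {"format": "CEF", "version": version, "vendor": f[1], "product": f[2],
                "product_version": f[3], "event_id": f[4], "name": f[5],
                "severity": f[6], "fields": _parse_cef_extension(f[7])}
    # LEEF:1.0|Vendor|Product|Version|EventID|Attributes            (tab-delimited)
    # LEEF:2.0|Vendor|Product|Version|EventID|Delimiter|Attributes
    nhead = 6 if version.startswith("2") else 5
    f = _split_escaped(body, "|", nhead)
    if len(f) != nhead + 1:
        raise ValueError("malformed LEEF header")
    delim = "\t"
    if nhead == 6 and f[5]:
        # LEEF 2.0 allows a literal delimiter or a hex form such as x09
        delim = chr(int(f[5][1:], 16)) if re.fullmatch(r"[xX][0-9A-Fa-f]{2,4}", f[5]) else f[5]
    fields: Dict[str, str] = {}
    for pair in f[nhead].split(delim):
        kv = _split_escaped(pair, "=", 1)
        if len(kv) == 2:
            fields[kv[0]] = _unescape(kv[1])
    return {"format": "LEEF", "version": version, "vendor": f[1], "product": f[2],
            "product_version": f[3], "event_id": f[4], "fields": fields}


def parse_all(lines=SAMPLE_LINES) -> List[dict]:
    """Parse every line; a malformed line raises so a broken feed is noticed, not skipped."""
    return [parse_event(ln) for ln in lines]


if __name__ == "__main__":
    for ev in parse_all():
        print(ev["format"], ev["event_id"], ev.get("name", ev["fields"].get("cat")), ev["fields"])
```

Feed real lines captured on the SIEM (for example from a packet capture of the chosen port, or from the SIEM's raw-event view) through parse_event in place of the constructed samples; a ValueError or a field that ends up holding the remainder of the line means the escaping or the delimiter does not match what the SIEM parser expects.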
To update the configuration, follow these steps.
Run SyslogAgentUI.exe from the path <installation directory>\Seqrite\Endpoint Security 7.60\Admin. The SyslogAgent Configuration window appears.
Edit the information.
Click Apply.
To uninstall the SyslogAgent tool manually, follow these steps.
Before uninstalling, the Seqrite SyslogAgent service must be stopped. To check the status of the service, launch SyslogAgentUI.exe from <installation directory>\Seqrite\Endpoint Security 7.60\Admin.
If the status of service is Running, click Stop to stop the service.
Open a command prompt as an Administrator and run the following command, keeping the double quotes around the service name: SC DELETE "Seqrite SyslogAgent". This command removes the SyslogAgent service only. The installation files are not deleted from the EPS installation directory; they are deleted only when you uninstall the EPS Server.
If you want to reinstall the SyslogAgent tool, first manually remove the previously installed SyslogAgent files listed below, then reinstall. Keep Self Protection OFF while removing the files, and turn it back ON as soon as the files are removed.
• Directory: <Installation directory>\Seqrite\Endpoint Security 7.60\Admin
• Files: siem_win_service.exe, SyslogAgentUI.exe, sql_res.ini, syslogagent_sp.sql