What is Syslog Security?
The Syslog device filter parses syslog messages to detect security events. Syslog is a protocol that defines an event logging service for computer systems; the name also refers to the message format used in these exchanges.
Syslog events are stored in a dedicated ServicePilot collection called "Syslog". This collection feeds an advanced dashboard that presents event severity and facility over time, along with detections of typical network events such as Top 5 Failed Login Attempts, Deny Events (Cisco PIX) or Frag. Attack & Drop Events (NetGear).
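The sketch below is an added example, not ServicePilot's own code. It shows how a severity/facility breakdown and a "top failed logins" count can be derived from raw syslog lines. The function names, the sample lines and the OpenSSH-style "Failed password" pattern are assumptions made for illustration.

```python
import re
from collections import Counter

# PRI = facility * 8 + severity (RFC 3164 / RFC 5424). Both values are chosen by the sender.
SEVERITIES = ["emerg", "alert", "crit", "err", "warning", "notice", "info", "debug"]
FACILITIES = ["kern", "user", "mail", "daemon", "auth", "syslog", "lpr", "news",
              "uucp", "cron", "authpriv", "ftp", "ntp", "audit", "alert", "clock",
              "local0", "local1", "local2", "local3", "local4", "local5", "local6", "local7"]

PRI_RE = re.compile(r"^<(\d{1,3})>(.*)$", re.S)
# Assumed message shape: OpenSSH "Failed password for [invalid user] NAME from ADDR ..."
FAILED_RE = re.compile(r"Failed password for (?:invalid user )?(\S+) from (\S+)")

# Constructed sample input (documentation address ranges, hypothetical host "gw01").
SAMPLE = [
    "<38>Oct 11 22:14:15 gw01 sshd[4721]: Failed password for invalid user admin from 192.0.2.10 port 51122 ssh2",
    "<38>Oct 11 22:14:17 gw01 sshd[4721]: Failed password for root from 192.0.2.10 port 51124 ssh2",
    "<38>Oct 11 22:14:20 gw01 sshd[4730]: Failed password for root from 198.51.100.7 port 40022 ssh2",
    "<86>Oct 11 22:15:01 gw01 sshd[4741]: Accepted password for ops from 203.0.113.5 port 50000 ssh2",
    "<999>Oct 11 22:15:02 gw01 bogus: PRI out of range",
    "line without a PRI header",
]

def decode_pri(line):
    """Return (facility, severity, rest) or None when the PRI header is missing or invalid."""
    m = PRI_RE.match(line)
    if not m:
        return None
    pri = int(m.group(1))
    if pri > 191:  # highest valid PRI is 23 * 8 + 7
        return None
    return FACILITIES[pri >> 3], SEVERITIES[pri & 7], m.group(2)

def summarize(lines, top_n=5):
    """Count events per (facility, severity) and rank failed-login source addresses."""
    by_class, failed, rejected = Counter(), Counter(), 0
    for line in lines:
        decoded = decode_pri(line)
        if decoded is None:
            rejected += 1  # keep a count of malformed input instead of guessing
            continue
        facility, severity, msg = decoded
        by_class[(facility, severity)] += 1
        hit = FAILED_RE.search(msg)
        if hit:
            failed[hit.group(2)] += 1
    return by_class, failed.most_common(top_n), rejected

if __name__ == "__main__":
    print(summarize(SAMPLE))
```

Because facility and severity come from the sending device, a dashboard built on them reflects what devices report about themselves; counting rejected lines separately makes malformed or unexpected traffic on the listening port visible.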
Syslog Security monitoring
This package enables Syslog collection specifically to monitor network device events.
The Syslog Collector configures a ServicePilot Windows or Linux Agent to listen on a port for syslog messages, which are then forwarded to the ServicePilot Manager.
You can use the analysis and search section of the ServicePilot web interface to answer any question you might have, using the syslog search engine and the ServicePilot query language.