⚠️ Eset Security Management Center

⚠️ Unpublished: This item is from a solution that is not yet published on Azure Marketplace or not installed in Content Hub.



| Attribute | Value |
|---|---|
| Connector ID | EsetSMC |
| Publisher | Eset |
| Used in Solutions | Eset Security Management Center |
| Collection Method | MMA |
| Connector Definition Files | esetSmc.json |
| Custom Log V1 Tables | Yes 🔶 (ingests into tables with type-suffixed columns) |

Connector for Eset SMC threat events, audit logs, firewall events and web sites filter.

Tables Ingested

This connector ingests data into the following tables:

| Table | Transformations | Ingestion API | Lake-Only |
|---|---|---|---|
| eset_CL | 🔶 | ? | ? |

💡 Tip: Tables with Ingestion API support allow data ingestion via the Azure Monitor Data Collector API, which also enables custom transformations during ingestion.

Permissions

Resource Provider Permissions:

- Workspace (Workspace): read and write permissions are required.
- Keys (Workspace): read permissions to shared keys for the workspace are required. See the documentation to learn more about workspace keys.

Custom Permissions:

- Access to Eset SMC console: permissions to configure log export.

Setup Instructions

⚠️ Note: These instructions were automatically generated from the connector's user interface definition file using AI and may not be fully accurate. Please verify all configuration steps in the Microsoft Sentinel portal.

**1. Install and onboard the agent for Linux**

Typically, you should install the agent on a different computer from the one on which the logs are generated.

Syslog logs are collected only from Linux agents. Choose where to install the agent:

Install agent on Azure Linux Virtual Machine

Select the machine to install the agent on and then click Connect.

- Install agent on Linux Virtual Machine

Install agent on a non-Azure Linux Machine

Download the agent on the relevant machine and follow the instructions.

- Install agent on Linux (Non-Azure)

**2. Configure the logs to be collected**

Configure rsyslog to accept logs only from your Eset SMC IP address and forward them to the agent's local syslog port (25224):

```bash
sudo -i

# Set ESET SMC source IP address
export ESETIP={Enter your IP address}

# Create rsyslog configuration file. The heredoc is unquoted on purpose:
# "\$" keeps rsyslog's own $-directives literal, while $ESETIP is expanded.
cat > /etc/rsyslog.d/80-remote.conf << EOF
\$ModLoad imudp
\$UDPServerRun 514
\$ModLoad imtcp
\$InputTCPServerRun 514
\$AllowedSender TCP, 127.0.0.1, $ESETIP
\$AllowedSender UDP, 127.0.0.1, $ESETIP
user.=alert;user.=crit;user.=debug;user.=emerg;user.=err;user.=info;user.=notice;user.=warning  @127.0.0.1:25224
EOF

# Restart rsyslog
systemctl restart rsyslog
```

**3. Configure OMS agent to pass Eset SMC data in API format**

To make Eset data easy to recognize, we push it to a separate table and parse it at the agent, so that queries in Azure Sentinel are simpler and faster. To keep the change small, we only modify the `match oms.**` section to send data as API objects by changing its type to out_oms_api. Modify the file /etc/opt/microsoft/omsagent/{REPLACEyourworkspaceid}/conf/omsagent.conf. The full `match oms.**` section looks like this:



```
<match oms.**>
  type out_oms_api
  log_level info
  num_threads 5
  run_in_background false

  omsadmin_conf_path /etc/opt/microsoft/omsagent/{REPLACEyourworkspaceid}/conf/omsadmin.conf
  cert_path /etc/opt/microsoft/omsagent/{REPLACEyourworkspaceid}/certs/oms.crt
  key_path /etc/opt/microsoft/omsagent/{REPLACEyourworkspaceid}/certs/oms.key

  buffer_chunk_limit 15m
  buffer_type file
  buffer_path /var/opt/microsoft/omsagent/{REPLACEyourworkspaceid}/state/out_oms_common*.buffer
  buffer_queue_limit 10
  buffer_queue_full_action drop_oldest_chunk
  flush_interval 20s
  retry_limit 10
  retry_wait 30s
  max_retry_wait 9m
</match>
```


**4. Change OMS agent configuration to catch tag oms.api.eset and parse structured data**

Modify the file /etc/opt/microsoft/omsagent/{REPLACEyourworkspaceid}/conf/omsagent.d/syslog.conf so that the local syslog source is tagged oms.api.eset and two parser filters extract the JSON object from the message and decode it:

```
<source>
  type syslog
  port 25224
  bind 127.0.0.1
  protocol_type udp
  tag oms.api.eset
</source>

# First pass: keep only the part of the message from its start to the last closing brace
<filter oms.api.eset>
  @type parser
  key_name message
  format /(?<message>.*?{.*})/
</filter>

# Second pass: decode the extracted JSON object into record fields
<filter oms.api.eset>
  @type parser
  key_name message
  format json
</filter>
```


**5. Disable automatic configuration and restart agent**

```bash
# Disable changes to configuration files from Portal
sudo su omsagent -c 'python /opt/microsoft/omsconfig/Scripts/OMS_MetaConfigHelper.py --disable'

# Restart agent
sudo /opt/microsoft/omsagent/bin/service_control restart

# Check agent logs
tail -f /var/opt/microsoft/omsagent/log/omsagent.log
```

**6. Configure Eset SMC to send logs to connector**

In the Eset SMC console, configure log export to the rsyslog host using BSD syslog style and JSON format.
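As an added example, not code from the connector or the OMS agent, this Python script emulates the two parser filters of step 4 on constructed payloads, so you can see which records reach eset_CL and which are not forwarded. It assumes the `type syslog` source has already stripped the BSD syslog header and left the payload in the `message` field.

```python
import json
import re
from typing import Optional

# Stage 1: same pattern as `format /(?<message>.*?{.*})/` in step 4, written in
# Python syntax (braces escaped). The lazy prefix means the capture starts at
# the first character of the field; the greedy `.*` means it ends at the LAST
# closing brace, which is what keeps nested objects intact.
STAGE1 = re.compile(r"(?P<message>.*?\{.*\})")


def stage1_regexp(record: dict) -> Optional[dict]:
    """First parser filter: the record becomes the named captures, or is dropped."""
    m = STAGE1.search(record.get("message", ""))
    return {"message": m.group("message")} if m else None


def stage2_json(record: dict) -> Optional[dict]:
    """Second parser filter: the record becomes the decoded JSON object, or is dropped."""
    try:
        parsed = json.loads(record["message"])
    except (KeyError, ValueError):
        return None
    return parsed if isinstance(parsed, dict) else None


def run_chain(message: str) -> Optional[dict]:
    """Run one syslog `message` payload through both filters; None means dropped."""
    record = stage1_regexp({"message": message})
    return stage2_json(record) if record is not None else None


# Constructed sample payloads (not real ESET SMC output).
SAMPLES = {
    # plain JSON body, as sent with BSD style and JSON format: ingested
    "clean": '{"event_type":"Threat_Event","hostname":"ws01","threat_name":"Eicar"}',
    # nested object: the greedy `.*}` keeps everything up to the last brace
    "nested": '{"event_type":"Audit_Event","detail":{"user":"admin"}}',
    # trailing bytes after the object: stage 1 trims them, stage 2 succeeds
    "trailing": '{"event_type":"Audit_Event","user":"admin"}\x00\n',
    # text before the object: stage 1 keeps the prefix, stage 2 fails: dropped
    "prefixed": 'ERAServer: {"event_type":"FirewallAggregated_Event"}',
    # no JSON object at all: stage 1 does not match: dropped
    "plain": "agent started",
}

if __name__ == "__main__":
    for name, payload in SAMPLES.items():
        print(f"{name:9} -> {run_chain(payload)}")
```

The "prefixed" case is the one to watch when checking omsagent.log: the step 4 regex trims trailing bytes but does not remove text that precedes the JSON object, so such messages never reach the table.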

