Audit Collection Syslog Gateway™

Fully leverage the Audit Collection Service (ACS) and optimize your auditing infrastructure for cross-platform event collection. Using the Audit Collection Syslog Gateway™, you can easily centralize collection of Windows and Syslog security events.

The Syslog Gateway includes a generic audit report that enables users to filter on syslog message strings and schedule report subscriptions based on those filters. In addition, the Gateway includes a Management Pack for implementing custom alerting and operational views. Licensed like a Connector, the Syslog Gateway does not require per-device licenses; it is priced per Gateway Server.

Solution Features

Gateway Architecture

The Syslog Gateway can be located on an existing ACS Collector or on a standalone system running Windows Server 2003 or higher. Syslog forwarding must be enabled from the endpoint devices to the Gateway Server.

Syslog Event Processing

Syslog events are processed by a common provider that maps syslog event strings to Windows Security event attributes.

Event Translation Process
1) Syslog-enabled devices forward events to the Gateway
2) The Gateway Service receives new events and writes them to the local Windows Security log
3) The ACS Forwarder collects new events and sends them to the Collector for processing

Operations & Reporting

The Audit Collection Syslog Gateway includes a generic Report that enables users to filter on any syslog message pattern. In addition, the Gateway includes a Management Pack that provides canned Alert Rules and operational Views. Quickly set up subscriptions and overrides to meet your audit requirements.

Report Features
1) Expression Filter on Syslog Message
2) Online & Historical Reporting
3) Subscription Scheduling

MP Features
1) Generic Alert Rules on common syslog Events
2) Cisco Router & Firewall Alert Rules
3) Syslog Operational Views

Frequently Asked Questions

How is the Syslog Gateway licensed?

The Audit Collection Syslog Gateway is licensed per Gateway Server.

The solution can be added with the 'Security Auditing' package and can also be bought separately.

How many devices can the Syslog Gateway receive events from?

This depends on the type of devices, which messages are flagged for event forwarding, and the average Events per Second (EPS). The Syslog Gateway can process an average of 1000 EPS.

If you have any questions or comments, need support, or would like to place an order, please contact us for assistance.

News & Events

Press Release 08/04/2009: Secure Vantage Releases Security Auditing SP2 for the Audit Collection Services (ACS)


Online Webcasts 06/08/2009: Download the ACS Master Class Series for free real world expert training on the Audit Collection Services.