EcoStruxure IT forum
A support forum for Data Center Operation, Data Center Expert, and EcoStruxure IT product users to share knowledge on installation, configuration, and general product use.
Posted: 2020-07-05 03:45 PM
This question was originally posted on DCIM Support by shemilusman on 2018-12-29
Hi,
One of our clients is requesting to integrate DCIM (DCE & DCO) with SIEM. They want us to confirm syslog forwarding capabilities for device and user activity to the SIEM solution. Please advise how to achieve this.
Please note that this will be an automatic integration of syslog with SIEM and no download is acceptable to the client.
Thanks & Regards
Shemil
(CID:137728594)
Posted: 2020-07-05 03:46 PM
This answer was originally posted on DCIM Support by Ed Tarento on 2018-12-30
Hi shemilusman
AFAIK DCE will only forward alerts from monitored devices, not user activity. Device activity will be sent via SNMP trap/inform. Or you can configure all your devices to trap/inform or syslog to the SIEM. You may be able to craft something for user activity by consuming logs but I'm not sure if DCE captures and stores user activity in its logs. Anyone?
Whilst DCO sits atop Linux and therefore syslog can be turned on, I suspect this will only provide messages pertaining to the OS, not the App. A lot of the user activity may be present in the ETL Export DB which by nature is not real time.
Most COTS SIEM systems accept many input methods other than syslog.
I hope this helps.
(CID:137728604)