DCE & DCO Syslog forwarding capabilities to SIEM solution

DCIM_Support · ‎2020-07-05

This question was originally posted on DCIM Support by shemilusman on 2018-12-29

Hi,

One of our client is requesting to Integrate DCIM (DCE & DCO) with SIEM. They want us to Confirm syslog forwarding capabilities for device and user activity to SIEM solution. Please advise how to achieve this.

Please note that this will be an automatic integration of syslog with SIEM and no download is acceptable by the client.

Thanks & Regards

Shemil

DCIM_Support · ‎2020-07-05

This answer was originally posted on DCIM Support by Ed Tarento on 2018-12-30

Hi shemilusman

AFAIK DCE will only forward alerts from monitored devices, not user activity. Device activity will be sent via SNMP trap/inform. Or you can configure all your devices to trap/inform or syslog to the SIEM. You may be able to craft something for user activity by consuming logs but Im not sure if DCE captures and stores user activity in its logs. Anyone?

Whilst DCO sits atop Linux and therefore syslog can be turned on, I suspect this will only provide message pertaining to the OS, not the App. A lot of the user activity may be present in the ETL Export DB which by nature is not real time.

Most COTS SIEM systems accept many input methods other than syslog

I hope this helps

DCIM_Support · ‎2020-07-05

This question is closed for comments. You're welcome to start a new topic if you have further comments on this issue.