
DCE & DCO Syslog forwarding capabilities to SIEM solution

EcoStruxure IT forum

A support forum for Data Center Operation, Data Center Expert, and EcoStruxure IT product users to share knowledge on installation, configuration, and general product use.


This question was originally posted on DCIM Support by shemilusman on 2018-12-29


Hi,

One of our clients is requesting to integrate DCIM (DCE & DCO) with SIEM. They want us to confirm syslog forwarding capabilities for device and user activity to the SIEM solution. Please advise how to achieve this.

Please note that this will be an automatic integration of syslog with SIEM and no download is acceptable by the client.

Thanks & Regards

Shemil

(CID:137728594)


Re: DCE & DCO Syslog forwarding capabilities to SIEM solution

This answer was originally posted on DCIM Support by Ed Tarento on 2018-12-30


Hi shemilusman

AFAIK DCE will only forward alerts from monitored devices, not user activity. Device activity will be sent via SNMP trap/inform. Or you can configure all your devices to trap/inform or syslog to the SIEM. You may be able to craft something for user activity by consuming logs, but I'm not sure if DCE captures and stores user activity in its logs. Anyone?

Whilst DCO sits atop Linux and therefore syslog can be turned on, I suspect this will only provide messages pertaining to the OS, not the App. A lot of the user activity may be present in the ETL Export DB, which by nature is not real time.

Most COTS SIEM systems accept many input methods other than syslog.

I hope this helps

(CID:137728604)
