Maarten_Sjouw
Champion

Is CP-Logexporter able to export events?

Hi, I got this question from our SIEM team: is it possible to export correlated events with CP-Log Exporter?

 

Regards, Maarten
0 Kudos
6 Replies
Dror_Aharony
Employee Alumnus

Yea.

Simply configure the log-exporter on the SmartEvent or SME CU (if dedicated) server, as the raw correlated logs are generated & stored there.

0 Kudos
Maarten_Sjouw
Champion

In a Multi Domain environment, I would need to filter this on a specific domain then, is that also a possibility? I'm sorry but I did not yet need this, so did not really look into it so far.
Regards, Maarten
0 Kudos
Dror_Aharony
Employee Alumnus

Filtering the correlated events on the SME for a specific domain's correlated logs, you mean?

That may be done using the new filtering feature, but I'm not absolutely sure. Perhaps someone else knows. Is that what you need?

Or did you mean a general domain exporting of logs?

Exporting a specific domain's regular logs on a CMA/CLM is easily done by configuring the log-exporter on a specific domain on an MDS/MLM (domain-server <name>).

 

0 Kudos
Maarten_Sjouw
Champion

Yep that is what I mean.
Nope, I already use that for other customers.
Regards, Maarten
0 Kudos
Dror_Aharony
Employee Alumnus

Assuming you have the latest R80.10 log-exporter that includes the filtering ability, you should be able to filter by a specific GW, using the origin field on the correlated log (which correlates to a specific domain).

 

 

0 Kudos
Maarten_Sjouw
Champion

OK, thanks, we'll give it a try.
Regards, Maarten
0 Kudos
