OskarR
Explorer

Logforward from Endpoint Sec Mgmt to Sec Mgmt Server

Hi people, 

I have a setup with a dedicated Endpoint Security Mgmt server that is receiving all logs from the Endpoint clients atm.

What is the preferable way to send those logs, in real time, to the Security Management Server, which also acts as the SmartEvent Server and Correlation Unit?

Both are open servers running R80.40.

 

When trying to add the Security Management Server to the list in Gateway and Servers on the Endpoint side, I'm not able to establish SIC: "Peer sent wrong DN".

Same thing trying to add the Endpoint mgmt server to the list of Gateway and Servers on the SMS side.

I've read the article sk72980, but it seems old and deprecated.

 

The log exporter is, to my understanding, only used when transferring logs to a third-party SIEM solution, but could this be my answer as well?

Will the SMS accept the log in syslog or CEF format and index it for me in the SmartLog?

 

Best regards

Oskar

 

 

1 Reply
PhoneBoy
Admin