Hi people,
I have a setup with a dedicated Endpoint Security Mgmt server that is receiving all logs from the Endpoint clients atm.
What is the preferable way to send those logs, in real time, to the Security Management Server, which also acts as the SmartEvent Server and Correlation Unit?
Both are open servers running R80.40.
When trying to add the Security Management Server to the list in Gateway and Servers on the Endpoint side, I'm not able to establish SIC. "Peer sent wrong DN"
Same thing trying to add the Endpoint mgmt server to the list of Gateway and Servers on the SMS side.
I've read the article sk72980, but it seems old and deprecated.
The log exporter is, to my understanding, only used when transferring logs to a third-party SIEM solution, but could this be my answer as well?
Will the SMS accept the log in syslog or CEF format and index it for me in the SmartLog?
Best regards
Oskar