Hello
I am working to change the SIEM equipment linkage method of a customer from OPSEC to Log Exporter.
When I compare the logs of Smartconsole and the logs of SIEM, there are too many differences.
For example, The Smart console log generates about 5000 drop logs per second.
However, only about 300 drop logs are visible for Siem equipment logs.
There is a difference of more than 10 times and I do not know the cause.
The linked server is Archisight 6.9 / smartconnector 7.15 and The architecture of the customer is as follows.
1.Management Server (R80.20, Take 127)
2.Log Server (R80.20, Take 127)
3.VRRP Gateway (R80.10, Take 249) - Firewall, IPS
Below is the log export information set to the customer.
Due to the large amount of logs, it is really difficult to compare the number of packets.
What do I need to check to fix the above symptoms?
| User | Count |
|---|---|
| 18 | |
| 17 | |
| 15 | |
| 7 | |
| 6 | |
| 5 | |
| 5 | |
| 5 | |
| 5 | |
| 4 |
Tue 05 Nov 2024 @ 10:00 AM (CET)
EMEA CM LIVE: 30 Years for the CISSP certification - why it is still on topTue 05 Nov 2024 @ 05:00 PM (CET)
Americas CM LIVE: - 30 Years for the CISSP certification - why it is still on topThu 07 Nov 2024 @ 05:00 PM (CET)
What's New in CloudGuard - Priorities, Trends and Roadmap InnovationsTue 05 Nov 2024 @ 10:00 AM (CET)
EMEA CM LIVE: 30 Years for the CISSP certification - why it is still on topTue 05 Nov 2024 @ 05:00 PM (CET)
Americas CM LIVE: - 30 Years for the CISSP certification - why it is still on topTue 12 Nov 2024 @ 03:00 PM (AEDT)
No Suits, No Ties: From Calm to Chaos: the sudden impact of ransomware and its effects (APAC)Tue 12 Nov 2024 @ 10:00 AM (CET)
No Suits, No Ties: From Calm to Chaos: the sudden impact of ransomware and its effects (EMEA)Tue 19 Nov 2024 @ 12:00 PM (MST)
Salt Lake City: Infinity External Risk Management and Harmony SaaSWed 20 Nov 2024 @ 02:00 PM (MST)
Denver South: Infinity External Risk Management and Harmony SaaS
