ChoiYunSoo
Contributor

The number of logs in the GUI and the SIEM device do not match.

Hello 

I am working to change the SIEM equipment linkage method of a customer from OPSEC to Log Exporter.

When I compare the logs of SmartConsole and the logs of the SIEM, there are too many differences.

For example, the SmartConsole log generates about 5000 drop logs per second.

However, only about 300 drop logs are visible in the SIEM equipment logs.

There is a difference of more than 10 times and I do not know the cause.

 

The linked server is ArcSight 6.9 / SmartConnector 7.15, and the architecture of the customer is as follows.

1. Management Server (R80.20, Take 127)
2. Log Server (R80.20, Take 127)
3. VRRP Gateway (R80.10, Take 249) - Firewall, IPS

 

Below is the log export information set to the customer.

 

export_show.png

filter_configuration.PNG

 

Due to the large amount of logs, it is really difficult to compare the number of packets.

What do I need to check to fix the above symptoms?

 

 

 

4 Replies