AnsweredAssumed Answered

Correlating logs from external log server

Question asked by MIRCEA MITROI on Feb 21, 2018
Latest reply on Mar 1, 2018 by MIRCEA MITROI

Hi all!

 

We have a distributed management/reporting deployment with 1 x R80.10 SmartCenter, 1 x R80.10 SmartEvent and 1 x R77.30.03 SmartEndpoint mgmt server. We have established opsec lea between SmartEvent and Endpoint Server, we receive the logs, the cpstat cpsead looks fine, we can find them under the smartlog, but we cannot find them under the "General Overview" tab. We have also defined "new event" type under the SmartEvent policy, but still couldn't get any correlated endpoint logs.

 

Would be maybe a better idea to send the endpoint server logs to the smartcenter and from there to the smartevent?

 

Do you have any idea on this?

 

Thx a lot!

Mircea

Outcomes