This question was originally posted on DCIM Support by shemilusman on 2018-12-29
One of our clients is requesting to integrate DCIM (DCE & DCO) with SIEM. They want us to confirm syslog forwarding capabilities for device and user activity to the SIEM solution. Please advise how to achieve this.
Please note that this will be an automatic integration of syslog with SIEM, and no download is acceptable to the client.
Thanks & Regards
This answer was originally posted on DCIM Support by Ed Tarento on 2018-12-30
AFAIK DCE will only forward alerts from monitored devices, not user activity. Device activity will be sent via SNMP trap/inform. Or you can configure all your devices to trap/inform or syslog to the SIEM. You may be able to craft something for user activity by consuming logs, but I'm not sure if DCE captures and stores user activity in its logs. Anyone?
Whilst DCO sits atop Linux and therefore syslog can be turned on, I suspect this will only provide messages pertaining to the OS, not the App. A lot of the user activity may be present in the ETL Export DB, which by nature is not real time.
Most COTS SIEM systems accept many input methods other than syslog.
I hope this helps.