Send reports and logs from all devices to mcafee siem


(Manish) #1

HI Team,

I am new to elkstack.

I have configured ELKstack in my environment and it is working perfectly. I am able to get the reports and syslogs from all the devices on KIBANA interface. I also have Mcafee siem solution also configured in my environment for monitoring of some other devices.

My requirement is to send all the syslogs and report from all devices that i can see on kinana to mcafee siem also. So that i can monitor all the logs from Mcafee siem.

Thanks


#2

What do you mean by "reports and syslogs"?

If Mcafee SIEM supports syslog, you can just use Logstash and output syslog to forward all events to the SIEM.


(Manish) #3

Reports and syslogs means. All the filtered data/logs that we see on kibana interface.

I want to redirect all that fitered data from logstash to Mcafee SIEM.

I dont want to create filters on mcafee. i just want to forward the filtered data from elkstack to Mcafee siem.

syslog input --> logstash --->kibana/MCafee siem (logstash output to both system).

Apology, if my explaination is not clear as i am new to elkstack

Thanks


#4

How are you ingesting logs into the Elasticsearch?
Beats, Logstash or your own solution?

If you are already using Logstash, then add another output which could be syslog if your mcafee product supports it and it should work.
Of course, there are no guarantees how the SIEM will parse the data.


(Staale) #5

Configure logstash with 2 outputs. One for elasticsearch and one for McAffee. As far as I know elasticsearch does not push messages.


(Manish) #6

I have configured beat to forward logs from window clients and syslog service for linux client machine to forward logs to logstash server(linux).

I will try your suggestion to add another output in logstash. i will let you know if i face problem.

Thankyou for your time and support. :slight_smile:


(system) closed #7

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.