IMC correlated alarms (integration with siem)

  • 1.  IMC correlated alarms (integration with siem)

    Posted Jan 20, 2020 05:34 AM

    We are looking to integrate HPE IMC with LogRhythm. The purpose of this integration is to see IMC correlated alarms in the LogRhythm SIEM.

    I found the path where all IMC logs are stored, C:\Program Files\iMC\server\conf\log\, but I can't find any alert logs there. In the log file imcnetresdmxxx.xx.xx I can find information about network device reboot or power-on, but the problem is that we only get this information once the device is up again after a power-off.

    I am looking for where I can find logs that show when a network device started to be unreachable. Thanks in advance.



  • 2.  RE: IMC correlated alarms (integration with siem)

    Posted Jan 20, 2020 07:50 AM

    Hello,

    I would not recommend trying to correlate iMC Alarms with a SIEM using the logfiles on the iMC system. These logs are primarily intended for use by Support and Engineering to troubleshoot issues.

    As far as I can see, LogRhythm supports SNMP as an event source. Hence you should be able to set up iMC's Alarm Forwarding feature to forward all Alarms as SNMPv1 Traps to the LogRhythm software. That can be configured under Alarm > Alarm Settings > Alarm Notification > Add Alarm Forwarding rule.

    Here is an example for you, where we forward only the 'device does not respond to poll packets' alarm:

    [Screenshot: Alarm-Forward-Logrhythm.png]

    Hope that helps.
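
The reply above suggests forwarding iMC alarms as SNMPv1 traps. As an added example (not part of the thread, and not HPE or LogRhythm code), this Python decoder shows the fields an SNMPv1 Trap-PDU carries, which are what a SIEM parsing rule has to key on. The sample datagram is constructed, and its OIDs use the documentation enterprise number 32473 as placeholders, not iMC's real alarm OIDs.

```python
def read_tlv(buf, pos):
    """Return (tag, value, next_pos) for the BER element starting at pos."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:  # long form: low 7 bits give the number of length bytes
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    if pos + length > len(buf):
        raise ValueError("truncated BER element")
    return tag, buf[pos:pos + length], pos + length

def decode_oid(data):
    """Decode OID bytes; assumes the first byte packs the first two arcs (true for 1.3.*)."""
    arcs, val = [data[0] // 40, data[0] % 40], 0
    for b in data[1:]:
        val = (val << 7) | (b & 0x7F)
        if not b & 0x80:  # high bit clear marks the last byte of this arc
            arcs.append(val)
            val = 0
    return ".".join(map(str, arcs))

def parse_v1_trap(pkt):
    """Parse one UDP payload; raise ValueError unless it is an SNMPv1 Trap-PDU."""
    tag, msg, _ = read_tlv(pkt, 0)
    _, version, p = read_tlv(msg, 0)
    _, community, p = read_tlv(msg, p)
    ptag, pdu, _ = read_tlv(msg, p)
    if tag != 0x30 or version != b"\x00" or ptag != 0xA4:  # v1 = 0, Trap-PDU = 0xA4
        raise ValueError("not an SNMPv1 trap")
    fields, p = [], 0
    for _i in range(6):  # enterprise, agent-addr, generic, specific, time-stamp, varbinds
        _, value, p = read_tlv(pdu, p)
        fields.append(value)
    enterprise, addr, generic, specific, ticks, vbl = fields
    varbinds, q = [], 0
    while q < len(vbl):  # each varbind is SEQUENCE { name OID, value }
        _, vb, q = read_tlv(vbl, q)
        _, name, r = read_tlv(vb, 0)
        vtag, value, _ = read_tlv(vb, r)
        varbinds.append((decode_oid(name), vtag, value))
    return {"community": community.decode("ascii", "replace"),
            "enterprise": decode_oid(enterprise), "agent_addr": ".".join(map(str, addr)),
            "generic": int.from_bytes(generic, "big"),
            "specific": int.from_bytes(specific, "big"),
            "uptime_ticks": int.from_bytes(ticks, "big"), "varbinds": varbinds}

# Constructed sample datagram (not captured from iMC): community "public", agent 192.0.2.10.
SAMPLE_TRAP = bytes.fromhex(
    "3045020100 04067075626c6963 a438 06082b0601040181fd59 4004c000020a 020106 020101"
    "43023039 301c301a 060a2b0601040181fd590101 040c706f6c6c2074696d656f7574")
```

Feeding it datagrams received on a UDP socket bound to the trap port lets you inspect what iMC actually sends before pointing the forwarding rule at the SIEM.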