  • 1.  Syslog Export Filters - Access Tracker

    Posted May 13, 2020 03:02 PM

    We would like to set up a syslog server (LogRhythm) to receive syslog messages similar to "Access Tracker". Optionally, can we specify specific records from a specific Service?



  • 2.  RE: Syslog Export Filters - Access Tracker

    Posted May 13, 2020 03:16 PM

    Hi,

     

    Did you check CPPM > Administration > External Servers > Syslog Export Filters? You can select the filter as needed.


     

     



  • 3.  RE: Syslog Export Filters - Access Tracker

    Posted May 13, 2020 04:11 PM

    Thank you for the reply. I have looked at the Export Filters; my question really was which filter would be best. We are looking to provide information similar to Access Tracker to our SIEM. Would it be better to use Session Logs or Insight Logs?

     

    Thank you,
    Mike



  • 4.  RE: Syslog Export Filters - Access Tracker

    Posted May 14, 2020 01:49 AM

    Hi Mike,

     

    You can go with session logs and select the needed columns if you need a view similar to the Access Tracker.

    You can check sample logs at this link: https://docs.mcafee.com/bundle/enterprise-security-manager-data-sources-configuration-reference-guide/page/GUID-11970E35-C26D-4234-B43D-172FA683732F.html



  • 5.  RE: Syslog Export Filters - Access Tracker
    Best Answer

    Posted May 14, 2020 04:09 PM

    I don't follow why you would point to the McAfee integration above?

     

    To get close to the Access Tracker information in your SIEM, you'll have to send multiple syslogs. I'd start with the below, but use Insight; it's tuned better.

     

    RADIUS: Authentication, Failed Authentications, Accounting

    If you need TACACS+, then TACACS+ Auth and Failed Auth

     

    If you want other things, i.e. Guest, stick with Insight and select the logs as needed.