SIEM Dragon Event Retention
‎01-23-2014 02:47 PM
Hello,
I have multiple devices configured to send logs to my log server (SIEM), and I need to keep all these device logs for 2 years, for future queries and reports.
I have the following devices sending logs to my SIEM: routers, switches, firewalls. I would like to know how to set the SIEM to save them on its hard disk in a structure like this:
Can I create a log file per device?
Can I create a log file per group (Client1, Client2, ...)?
Can I create a log file per device type (all firewalls, all routers, ...)?
What do you recommend?
And how can I do it?
SIEM1
Logins
Logouts
Failed logons
Upgrades
...
..
.
Client1
Firewalls
PA1_IP
Logins
Logouts
Failed logons
...
..
.
PA2_IP
Routers
RT1_IP
RT2_IP
Switches
SW1_IP
sw2_IP
Windows Server_IP
Linux Server_IP
...
..
.
Client2
Client3
Client4
...
..
.
Thank you very much
Diego
2 REPLIES
‎01-27-2014 12:10 PM
Hi Diego,
Yes, all the criteria you are asking for, and more, are available with the use of Event Retention Buckets. Please check our Admin Guide off the extranet for a complete set of options.
https://extranet.enterasys.com/downloads/Pages/SIEM.aspx
If you have any additional questions please don't hesitate to ask.
‎01-27-2014 11:14 AM
Hi Diego. I will have someone from GTAC reply to your question. If there is any additional data you could provide, it would be appreciated. Thank you!
