SIEM Dragon Event Retention


Diego5
New Contributor
Hello,

I have multiple devices configured to send logs to my log server (SIEM), and I need to keep all of these device logs for 2 years for future queries and reports.

I have the following devices sending logs to my SIEM: routers, switches and firewalls. I would like to know how to set up the SIEM to save the logs to its hard disk in a structure like this:

Can I create a log file per device?
Can I create a log file per group (Client1, Client2, ...)?
Can I create a log file per device type (all firewalls, all routers, ...)?

What do you recommend?
And how can I do it?

SIEM1
Login
Logout
Failed logons
Upgrades
...
..
.
Client1
Firewalls
PA1_IP
Login
Logout
Failed logons
...
..
.
PA2_IP
Routers
RT1_IP
RT2_IP
Switches
SW1_IP
sw2_IP
Windows Server_IP
Linux Server_IP
...
..
.
Client2
Client3
Client4
...
..
.

Thank you very much

Diego
2 REPLIES 2

Dudley__Jeff
Extreme Employee
Hi Diego,

Yes, all the criteria you are asking for, and more, are available with the use of Event Retention Buckets. Please check our Admin Guide on the extranet for a complete set of options.

https://extranet.enterasys.com/downloads/Pages/SIEM.aspx

If you have any additional questions please don't hesitate to ask.

Tamera_Rousseau
New Contributor
Hi Diego. I will have someone from GTAC reply to your question. If there is any additional data you could provide, it would be appreciated. Thank you!