Management Center and Reporting

 View Only
  • 1.  Reporter to Splunk

    Posted Jun 07, 2019 12:43 AM

    Hi;

    Can the Symantec Reporter forward to a Splunk Server? If so, what's the mechanism there? is it forwarding actual access logs data that has been forwarded to it from a Proxy SG or

    Does the Reporter forward reporting data "meta-data" to the Splunk server rather than the actual access logs?

     

    Kindly

    Wasfi



  • 2.  RE: Reporter to Splunk

    Posted Jun 07, 2019 01:05 AM
    Dear Wasfi, As of is it not possible to send logs to splunk server from Reporter. But from Proxy, you send logs to additional server like SIEM by creating custom log format.


  • 3.  RE: Reporter to Splunk

    Posted Oct 14, 2020 12:31 AM
    Hi Aboonalm, please can you help me which the method to send logs to additional server like SIEM.


  • 4.  RE: Reporter to Splunk

    Broadcom Employee
    Posted Oct 14, 2020 11:05 AM
    Hi Support Tech,

    The ProxySG doesn't inherently allow you to offload the same log, and so there are two methods that I am aware of:

    1) Have the ProxySG upload to a server, and have the server duplicate and forward the logs to where they need to go.

    2) Have the ProxySG make two logs for all traffic (this increases resources used) and then upload one log to reporter, and the other to Splunk.

    More info can be found in this KB.

    Thanks!