February 23rd, 2021 13:00

Dell Security Management Server Services management Events Management not reaching remote syslog

I'm running the virtual appliance for Dell Security Management Server version 10.2.14.

I have configured Events Management for "export to syslog" via tcp/514 and have tried both an IP address and FQDN to no avail. I've confirmed that I can reach the SIEM system on tcp/514, so that's not the issue. What else do I need to do to have the logs sent to a remote syslog server?

Moderator

146 Posts

February 24th, 2021 10:00

Hi @te6,

You're talking about the SIEM\Syslog settings under Management > Services Management > Events Management, correct?

If so, this configuration deals with events captured by our Advanced Threat Protection \ Dell Endpoint Security Suite Enterprise (ESSE) solution. If you have that solution deployed, events should start feeding into your SIEM\Syslog going forward. If you do not have that solution deployed in your environment, no other Dell Security Management Server events will be sent over.

11 Posts

February 25th, 2021 06:00

Hey Team! 

This article outlines the information that we can currently output through the Dell Security Management Server to a Syslog/SIEM interface: https://www.dell.com/support/kbdoc/en-us/000124929

-Dale Penny

#IWork4Dell
