cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Can I send specif events to the ELM/external storage?

Hi all,

does anyone know if it is possible to send to the ELM only some specific events for a data source?

I've configured some DB server as a data source, but I'd like to send to the pool -in this case this is an external storage where the customer wants to store only these specific events- only the logs related to some specific events/alarms/rules configured.

I've tried using an alarm/correlation rule, but I can only add these filtered/new events to the others events..

Any idea?

Best regards,

Mauro

4 Replies
siemchris
McAfee Employee
McAfee Employee
Report Inappropriate Content
Message 2 of 5

Re: Can I send specif events to the ELM/external storage?

Hi Mauro

It sounds like what you want to do is have all of your DB server events sent to the ESM but then only some of those sent to the ELM? If that is what you need I am not aware of a way to do that and you would be best to submitt a PER for that at https://mcafee.acceptondemand.com/index.jsp

There is a method to filter out events before they are parsed and sent to the ESM and those can be sent directly to the ELM. But that would mean that those specific events would not be seen in the ESM, only in the ELM. There is a KB Article KB74834 which describes in some detail how to accomplish this.

Let me know if this helps.

Chris

Re: Can I send specif events to the ELM/external storage?

Hi Chris,

I'd  like to see them on both the ESM and the ELM. The issue here is that these db log a lot of events, and , for be compliant with our (Italian) regulations , we need to store(sending only these logs to the ELM/NAS)  only the access to that db using administrative account..

best regards and many thanks for your help,

Mauro

kcole
McAfee Employee
McAfee Employee
Report Inappropriate Content
Message 4 of 5

Re: Can I send specif events to the ELM/external storage?

Hello Maurovezz,

This is a new feature request and I can help by creating a product enhancement request on your behalf.  However, in order to associate the request to you so you can track it, I need your contact information.   If you would like me to do this, please email me at kara_cole@mcafee.com

Thank you,

Kara

Re: Can I send specif events to the ELM/external storage?

Hi Kara,

ok, thank you. Yesterday I sent you an email with all my info

best regards,

Maurovezz

You Deserve an Award
Don't forget, when your helpful posts earn a kudos or get accepted as a solution you can unlock perks and badges. Those aren't the only badges, either. How many can you collect? Click here to learn more.

Community Help Hub

    New to the forums or need help finding your way around the forums? There's a whole hub of community resources to help you.

  • Find Forum FAQs
  • Learn How to Earn Badges
  • Ask for Help
Go to Community Help

Join the Community

    Thousands of customers use the McAfee Community for peer-to-peer and expert product support. Enjoy these benefits with a free membership:

  • Get helpful solutions from McAfee experts.
  • Stay connected to product conversations that matter to you.
  • Participate in product groups led by McAfee employees.
Join the Community
Join the Community