Does anyone know if it is possible to send to the ELM only some specific events for a data source?
I've configured some DB server as a data source, but I'd like to send to the pool (in this case an external storage where the customer wants to store only these specific events) only the logs related to some specific events/alarms/rules configured.
I've tried using an alarm/correlation rule, but I can only add these filtered/new events to the other events.
It sounds like what you want to do is have all of your DB server events sent to the ESM but then only some of those sent to the ELM? If that is what you need, I am not aware of a way to do that, and you would be best to submit a PER for that at https://mcafee.acceptondemand.com/index.jsp
There is a method to filter out events before they are parsed and sent to the ESM and those can be sent directly to the ELM. But that would mean that those specific events would not be seen in the ESM, only in the ELM. There is a KB Article KB74834 which describes in some detail how to accomplish this.
Let me know if this helps.
I'd like to see them on both the ESM and the ELM. The issue here is that these DBs log a lot of events, and, to be compliant with our (Italian) regulations, we need to store (sending only these logs to the ELM/NAS) only the accesses to that DB using administrative accounts.
Best regards and many thanks for your help,
This is a new feature request and I can help by creating a product enhancement request on your behalf. However, in order to associate the request to you so you can track it, I need your contact information. If you would like me to do this, please email me at firstname.lastname@example.org