cancel
Showing results for 
Search instead for 
Did you mean: 
Highlighted

ERC sending logs to multiple ESM

Do we support forwarding of logs toward multiple ESM from single receiver? For example if the main ESM setup is not reachable can the receiver automatically forward it to the secondary setup.

To be clear : i am not talking about primary and secondary ESM but primary and secondary setups

2 Replies
Reliable Contributor catdaddy
Reliable Contributor
Report Inappropriate Content
Message 2 of 3

Re: ERC sending logs to multiple ESM

Moved from Community Support to Security Information and Event Management (SIEM>Discussions

Cliff
McAfee Volunteer
xded
Level 12
Report Inappropriate Content
Message 3 of 3

Re: ERC sending logs to multiple ESM

You must setup a redundancy between prim and sec ESM and the Receiver will send all data only to the primary ESM. The ESM will share information between Primary and Secondary. 

Configuration ->

Click on the Property icon top right. On this Page there is Backup & Restore click on this link. In the next windows click on Redundancy. In the next windows you can define which is Primary and which is the Redundant ESM

If you are on the Primary ESM activate the radio button for primary select the ssh port an configure a notification E-Mail. Click on the add button and add the Redundant management IP Adresse of the Secondary ESM.

The same for the Secondary ESM but activate the radio button for Redundant and add the Primary ESM Management IP-Adresse and the ssh port.

You can read this configuration in the SIEM manual on page 282 esm_960_pg_en_us.pdf you can download this pdf on the mcafee page under product download.

More McAfee Tools to Help You
  • Subscription Service Notification (SNS)
  • How-to: Endpoint Removal Tool
  • Support: Endpoint Security
  • eSupport: Policy Orchestrator