Do we support forwarding of logs toward multiple ESM from single receiver? For example if the main ESM setup is not reachable can the receiver automatically forward it to the secondary setup.
To be clear : i am not talking about primary and secondary ESM but primary and secondary setups
You must setup a redundancy between prim and sec ESM and the Receiver will send all data only to the primary ESM. The ESM will share information between Primary and Secondary.
Click on the Property icon top right. On this Page there is Backup & Restore click on this link. In the next windows click on Redundancy. In the next windows you can define which is Primary and which is the Redundant ESM
If you are on the Primary ESM activate the radio button for primary select the ssh port an configure a notification E-Mail. Click on the add button and add the Redundant management IP Adresse of the Secondary ESM.
The same for the Secondary ESM but activate the radio button for Redundant and add the Primary ESM Management IP-Adresse and the ssh port.
You can read this configuration in the SIEM manual on page 282 esm_960_pg_en_us.pdf you can download this pdf on the mcafee page under product download.