HA receiver - which IP to use for auto learn of syslog devices?

When configuring the autolearn feature for syslog devices which HA receiver IP should be used?

The primary IP address of the HA receiver (which is what shows up in the GUI) or the shared IP of the HA receiver pair?

When I used the shared IP address to autolearn a syslog device the device appears not to autolearn, however when I use the primary IP address the syslog device is autolearned in a short period of time.

1 Solution

Accepted Solutions
rcavey
Level 9
Message 5 of 6

Re: HA receiver - which IP to use for auto learn of syslog devices?

Brian,

First off, you want all your syslogs to point at the shared IP versus the management IP which is used for the ESM communication.  I have not checked into 9.4.2 menus for auto learn functions but you should not have to select or define a receiver IP address. If you are, post the screenshots that got you to that point.

Cheers,

  -B

5 Replies

Re: HA receiver - which IP to use for auto learn of syslog devices?

,

This seems to be a Business application, as opposed to the Consumer Product. Could you kindly apprise us as to the actual application you are running, so that we can appropriately (Move) to an area that will best serve you?

Kind Regards,

Catdaddy

McAfee Volunteer Moderator

( Consumer Products)

Cliff
McAfee Volunteer

Re: HA receiver - which IP to use for auto learn of syslog devices?

Application is Enterprise Security Manager 9.4.2

Re: HA receiver - which IP to use for auto learn of syslog devices?

Moved to Enterprise Security Manager for (SIEM); if not the appropriate area, please apprise.

Cliff
McAfee Volunteer
Re: HA receiver - which IP to use for auto learn of syslog devices?

I wouldn't also advise to not auto-learn.

Not for any technical reason, but rather to focus on the results of what you are looking for as opposed to trying to get as much data as possible into the SIEM and then seeing what you can find.

Hope this helps

Regards,

Mark