We have two McAfee Combination boxes that we purchased a couple of years ago. My predecessor purchased two thinking he would be able to use them in a redundant fashion (have logs/events replicated between them) and the vendor who sold them to us said they could be used in this manner as well. When it came around to installation time though they said we would have to gather logs from each device independently. We decided to just use one of them and the other is pretty much just collecting dust.
Fast forward a couple of years, i upgraded to 9.5 a couple of nights ago and i looked at some of the documentation online and there are references to "redundant SIEM", it looks like it is only for the ELM though, correct? Is there a scenario in which i could utilize the second combination box, have all of my logs, etc replicated to it so in the instance we have a disaster all i have to do is connect to a different hostname and view the ESM on the secondary unit?
I really hate having this other appliance just sitting there taking up space and would like to utilize it somehow.
Don't forget, when your helpful posts earn a kudos or get accepted as a solution you can unlock perks and badges. Those aren't the only badges, either. How many can you collect? Click here to learn more.
Community Help Hub
New to the forums or need help finding your way around the forums? There's a whole hub of community resources to help you.