cancel
Showing results for 
Search instead for 
Did you mean: 

Using a single CIFS Server for Multiple Data Sources

Hi,

We have a number of data sources that generate flat files that are moved to a central CIFS Server. I would like to add these data sources to the SIEM but the confguration doesn't seem to allow for this scenario as the details used to configure the data source are the also used for the CIFS connection unless I can use the path field for this purpose.

ESM15.PNG  

2 Replies
Reliable Contributor David1111
Reliable Contributor
Report Inappropriate Content
Message 2 of 3

Re: Using a single CIFS Server for Multiple Data Sources

Hi

 Try Creating 1 Parent of CIFS with a fake IP (e.g. 10.0.0.0)

and add a "Client"child for each CIFS Member You wish to connect.

Best regards.

Reliable Contributor akerr
Reliable Contributor
Report Inappropriate Content
Message 3 of 3

Re: Using a single CIFS Server for Multiple Data Sources

How are the logs stored from the different data sources?   Are they named differently, in different directories in the same share?

 

I don't honestly quite understand the problem.  Generally in a scenario like this, I'd setup the CIFS as a system profile so you only have to add (and update) the settings once. 

Then you can add the data sources and just setup the path and or log names as needed in separate data sources (as clients/children if you prefer).  For example, if they log files are named ServerName.log, you might have one data source pulling Server1.log, and another pulling Server2.log.

 

I did a quick test in our lab and didn't have a problem having this type of setup with two different data sources added.

More McAfee Tools to Help You
  • How-to: Endpoint Removal Tool
  • Support: Endpoint Security
  • Visit: Business Service Portal
  • More: Search Knowledge Articles
  • ePolicy Orchestrator Support

    • Download the new ePolicy Orchestrator (ePO) Support Center Extension which simplifies ePO management and provides support resources directly in the console. Learn more about ePO Support Center