4 Replies Latest reply on Oct 13, 2017 6:40 AM by andy777

    Event Forwarding to Syslog-ng Server

    dzndrx

      We are planning to get all the logs/data from the SIEM to further apply analytical stuff on them (Hadoop). We want to import all the data from the SIEM and dump it to Hadoop for processing. The first phase would be getting all the logs/data from the SIEM and dumping them to Hadoop.

      We are told that the way to do this is by configuring the Log management to use Hadoop as a backend storage (NFS), but we already did this and we cannot pursue it, since Log management uses only 1 storage backend and cannot forward any data to other storage. (I am not quite sure about this.)

      Second would be using the Event Forwarding capabilities of ESM. Well, the question here would be: does McAfee support forwarding data to a Syslog-ng server? Is this the only way to get data from the SIEM? (Please help.) Are there any integrations with Hadoop? (Any vendor.) Any inputs will be appreciated.