1 Reply Latest reply on Sep 12, 2013 12:44 PM by Scott Taschler

    Raw log storage in ESM




      We are in process of implementing a SIEM.

      A vendor has suggested mcafee ETM-6000-ELM.

      The datasheet says that the appliance has 14 Terabyte of storage space.

      However some disucssions with the pre-sales has resulted in a notion that the storage is only for parsed logs.


      I need storage space of at least 4 Terabyte for storing raw logs.


      Is storage of raw logs possible on the combined ETM-6000-ELM.  ?



        • 1. Re: Raw log storage in ESM
          Scott Taschler

          Your pre-sales technical rep is correct: the storage on the combo appliances, as of the current version, is available only for the parsed logs managed by the ESM.  For raw logs, you will need to augment with some external storage.  Options include:


          - DAS (purchased from McAfee along with your ETM-6000-ELM)

          - SAN (may require purchasing optional SAN card for your appliance)

          - iSCSI

          - NFS

          - CIFS