6 Replies Latest reply on Oct 27, 2015 9:17 AM by SIEMer SIEMer

    Integration IBM Websphere




      I'm want to integrate my IBM Websphere Application Server and IBM Websphere Datapower Appliances.

      There is no ASP in McAfee SIEM out of the box.



        • 1. Re: Integration IBM Websphere



          This would probably require a professional services engagement to get McAfee to develop this, however, depending on the logging capabilities of the IBM devices, you may be able to setup syslog forwarding, or a file pull from the receiver to the appliance to grab logs, and then using the ASP parser build out custom parsers for the logs coming in.


          Unfortunately I am not familiar with the logging options of IBM Websphere, so I would not be able to direct you on that side of things. If they can forward syslog, you can setup a data source for generic, syslog, and then write custom parsers in the policy editor.

          • 2. Re: Integration IBM Websphere

            Hi Alex


            We are wanting to do the same with Websphere (and some other IBM data sources).  I have asked McAfee to comment on if they plan to release any ASPs for these sources in the near future.  Otherwise we will have to engage McAfee to develop these for us.


            I'll keep you posted if/when I get a response.



            • 3. Re: Integration IBM Websphere

              Alex & Mike,

              If one of you gents wants to 'bleach' a packet of any sensitive data I’ll gladly assist you with the process of developing and implementing a custom parser for that data source. To do so you’re looking at doing the following items:

              -Develop the Regex to the

              -Add data source

              -Create new ASP Rule

              The task is much less daunting after having done it for multiple Vendors and Device Types



              • 4. Re: Integration IBM Websphere

                Hi Jacob


                Thanks for the offer.  At this stage we have not yet added Websphere to our ESM - and don't have any sample logs as yet, it is just one of the many data sources we are looking to on board in the coming months.




                • 5. Re: Integration IBM Websphere



                  I ask my McAfee / Intel-Security Salespartner if they plan to release this ASP. I still waiting for an answer.




                  • 6. Re: Integration IBM Websphere
                    SIEMer SIEMer


                    Any instructions on how to add the IBM WebSphere as a data source and parsing?