Forum Discussion

spitman1's avatar
spitman1
Level 3
5 years ago

copying audit logs off appliance

I'm running a 5240 master/media appliance with 3.2. We use vrealize log insight. I was reading that Splunk and an HP product are the only two log destinations that the appliance will auto-send logs to; is that correct? What is the best way to get security audit logs into vrealize? And if the answer is to download them from the web interface--would you be able to point me to the directions, either in the manuals or on a page, to do this? Thanks in advance.

  • "NetBackup appliances use the Rsyslog client to forward logs. In addition to HP ArcSight and Splunk, other log management servers that support the Rsyslog client can also be used to receive syslogs from the appliance. Refer to the log management server documentation to verify Rsyslog client support." ... "NetBackup appliance currently supports only TLS Anonymous Authentication for log forwarding" So, does your log manager support the rsyslog client & TLS Anonymous Authentication ? That aside, have you tried it ? Unsupported does not always mean it won't work after all, it just means they didn't test it out and/or are willing to put support hours into it. See also legacy NBU versions still continuing to work years after EOL. =) Being a custom RHEL server basically, at the OS level you may have alternatives you can use to set up log forwarding by following whatever the RHEL recommendations are from your existing log server vendor.