Forward Audit Logs to SIEM

johnmath99
Level 3

I have a requirement to have audit logs sent to a SIEM (in this case IBM QRadar) which detail the "who", "what" and "when" of admin activities. I know audit details are held in the EMM and can be interrogated using audit cmds, but how can I either redirect a log version to a SIEM or regularly extract detail into a log format and forward that, presumably by email?

Thanks

2 REPLIES

Michael_G_Ander
Level 6
Certified

Don't think you can extract the information directly from the EMM, but OpsCenter has all the information and here you have the possibility to make SQL queries.

Will be very interested if you find a way to extract directly from the EMM on the master.

The standard questions: Have you checked: 1) What has changed. 2) The manual 3) If there are any tech notes or VOX posts regarding the issue

Nicolai
Moderator
Partner VIP

NetBackup appliances version 3.0 and higher have a log forwarding feature (syslog host feature).

See https://www.veritas.com/support/en_US/article.000126090

Log forwarding of user audit is a much wanted feature that was high on Veritas priority list when I was attending the Enhanced auditing/ RBAC scrum demos. Right now you have to pipe text from nbauditcmd to your preferred SIEM system.
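
One way to do the "pipe text to your SIEM" step described above, as an added example that is not part of the original thread and not Veritas code: it reads audit text on stdin, skips records it has already sent, and forwards each line as an RFC 5424 syslog message. The collector address, app name, state file path and the one-record-per-line input format are assumptions.

```python
"""Forward audit text from stdin to a syslog collector (RFC 5424 over UDP).
Assumed, not from the thread: one audit record per input line, and the
placeholder collector address, app name and state file below."""
import hashlib
import socket
import sys
from datetime import datetime, timezone
from pathlib import Path

SIEM_HOST = "siem.example.internal"  # placeholder collector address
SIEM_PORT = 514                      # conventional syslog/UDP port
APP_NAME = "nbu-audit"               # hypothetical log source tag
STATE_FILE = "/var/tmp/audit_forward.seen"  # hypothetical dedup state
PRI = 13 * 8 + 5                     # facility 13 (log audit), severity 5 (notice)


def to_rfc5424(record, hostname, now=None):
    """Wrap one audit line in an RFC 5424 header, replacing control chars."""
    now = now or datetime.now(timezone.utc)
    clean = "".join(c if c.isprintable() else " " for c in record).strip()
    stamp = now.strftime("%Y-%m-%dT%H:%M:%S.%f")[:-3] + "Z"
    return f"<{PRI}>1 {stamp} {hostname} {APP_NAME} - - - {clean}"


def new_records(lines, seen):
    """Yield non-empty lines not forwarded before, so a scheduled job can
    re-extract an overlapping time window without sending duplicates."""
    for line in lines:
        digest = hashlib.sha256(line.strip().encode()).hexdigest()
        if line.strip() and digest not in seen:
            seen.add(digest)
            yield line


def forward(lines, seen, host=SIEM_HOST, port=SIEM_PORT):
    """Send each new record as one UDP datagram; return the number sent."""
    hostname, sent = socket.gethostname(), 0
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        for line in new_records(lines, seen):
            sock.sendto(to_rfc5424(line, hostname).encode(), (host, port))
            sent += 1
    return sent


if __name__ == "__main__":
    state = Path(STATE_FILE)
    seen = set(state.read_text().split()) if state.exists() else set()
    print(forward(sys.stdin, seen), "records forwarded", file=sys.stderr)
    state.write_text("\n".join(sorted(seen)))
```

Run it from a scheduled job with the audit command's text output on stdin. UDP syslog is unacknowledged, so compare the forwarded count against what the SIEM actually ingested.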