I'm running a 5240 master/media appliance with 3.2. We use vrealize log insight. I was reading that Splunk and an HP product are the only two log destinations that the appliance will auto-send logs to; is that correct? What is the best way to get security audit logs into vrealize? And if the answer is to download them from the web interface--would you be able to point me to the directions, either in the manuals or on a page, to do this? Thanks in advance.
Have you also reviewed what is available via API calls? The documentation is available at
https://<master-server>/api-docs/index.html (in particular look at the security section which contains access to the audit logs - at least is 8.3 it does).
Not sure if it will help, nor whether the events available are what you are after, but may be another
Aslo contrary to what @jnardello was suggesting, you shouldn't be making changes/additions to the underlying OS on the appliance - it will take your appliance out of support - especially installing additional unsupported software. Yes it can be done, but it shoudn't.