Exporting logs from Enterprise Console 5.0.0.8 to an external appliance

We are running Sophos Enterprise Console 5.0.0.8 and want to export the logs from the console to an appliance provided to us by our SIEM provider. The only thing I saw in regards to this in the documentation was how to export the logs to a particular directory. If possible, we would like to find an automated way for the logs to be pushed to this external appliance within a specified time frame. Is anyone else doing something like this? Thanks


  • Hi,

    What data are you trying to move to the appliance?  Threat alerts, computer information?  I assume it's not just the log files of the product as I don't think they would mean too much.

    What format can the appliance consume, some sort of separated text file?

    Does the "client" have to push the files or can the appliance read?  Could the appliance perform SQL queries on the database?

    It may be that the Sophos Reporting Interface and the Log Writer could be used for this.  It depends on what data you are trying to move.

    Some info is here:

    /search?q= 8285

    Even if you didn't use the Log Writer, but just installed the interface (this is installed in the 5.1 version by default) you could write a simple script to just dump data to a file that the appliance could pick up.

    Regards,

    Jak
