Hi all,
a client asked us if it's possible to integrate Veeam LHR with a SIEM product. They want to receive /var/log/*.* to analyze it with their SIEM product.
Is there a way/workaround to send required logs?
Thanks for your suggestion.
- Veeam Legend
- Posts: 43
- Liked: 5 times
- Joined: Jul 08, 2015 8:26 pm
- Full Name: Antonio
- Location: Italy
[VHRISO] LHR and SIEM Integration
Antonio aka Andanet D'Andrea
Backup System Engineer Senior at Sorint.lab ¦ VMCE2021-VMCA2022 | VEEAM Legends 2023 | VEEAM VUG Italian Leader ¦
- Product Manager
- Posts: 15408
- Liked: 3360 times
- Joined: Sep 01, 2014 11:46 am
- Full Name: Hannes Kasparick
- Location: Austria
Re: LHR and SIEM Integration
Hello,
as you do not mention the ISO, I assume that you manage the operating system / syslog configuration yourself. So you can configure syslog to send data to your SIEM system.
From Veeam Backup & Replication the syslog configuration is in the main configuration options. Nothing special for proxies, (Hardened) Repositories etc.
If you are using the Hardened Repository ISO, then there is nothing built-in. Technically you could unlock the machine (live boot or single user mode) and re-configure syslog to your needs but that's outside what Veeam and "at your own risk".
Best regards
Hannes
- Veeam Legend
- Posts: 43
- Liked: 5 times
- Joined: Jul 08, 2015 8:26 pm
- Full Name: Antonio
- Location: Italy
Re: LHR and SIEM Integration
Hi Hannes,
thanks for your reply. I apologize for the misunderstanding, but when I wrote Veeam LHR I meant specifically through the use of ISO.
I will specify to the customer what you wrote to me, but if they ask me to do so, I can simply modify the file /etc/rsyslog.conf, correct?
Regards
Antonio aka Andanet D'Andrea
Backup System Engineer Senior at Sorint.lab ¦ VMCE2021-VMCA2022 | VEEAM Legends 2023 | VEEAM VUG Italian Leader ¦
- Product Manager
- Posts: 15408
- Liked: 3360 times
- Joined: Sep 01, 2014 11:46 am
- Full Name: Hannes Kasparick
- Location: Austria
Re: [VHRISO] LHR and SIEM Integration
Hello,
no worries, I edited the title to clarify it for future readers.
yes, /etc/rsyslog.conf sounds good
Best regards
Hannes
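A forwarding rule of the kind discussed in this thread, for /etc/rsyslog.conf, as an added example that is not part of the original posts and is not Veeam-provided configuration. The SIEM hostname, port, CA file path, work directory and queue size are assumed placeholders, and TLS requires rsyslog's gtls netstream driver to be installed, which the thread does not confirm for the Hardened Repository ISO.

```conf
# Added example for /etc/rsyslog.conf. Every value is a placeholder/assumption.

# workDirectory holds the on-disk queue files used below (assumed path).
# DefaultNetstreamDriverCAFile is the CA that signed the SIEM collector's
# certificate (assumed path), so the repository can authenticate the receiver.
global(
    workDirectory="/var/lib/rsyslog"
    DefaultNetstreamDriver="gtls"
    DefaultNetstreamDriverCAFile="/etc/pki/tls/certs/siem-ca.pem"
)

# Forward all facilities and severities to the SIEM collector over TLS.
# This is an additional action: existing rules that write to /var/log keep
# working, so local logs are still available for forensics.
#
# StreamDriverMode="1" enforces TLS; x509/name plus PermittedPeers pins the
# collector's certificate name so logs are not sent to an impostor.
#
# The queue.* settings buffer messages (spilling to disk up to 1 GB) while the
# SIEM is unreachable, and resumeRetryCount="-1" retries indefinitely instead
# of discarding events after a failed connection.
*.* action(
    type="omfwd"
    target="siem.example.internal"
    port="6514"
    protocol="tcp"
    StreamDriver="gtls"
    StreamDriverMode="1"
    StreamDriverAuthMode="x509/name"
    StreamDriverPermittedPeers="siem.example.internal"
    queue.type="LinkedList"
    queue.filename="siem_fwd"
    queue.maxDiskSpace="1g"
    queue.saveOnShutdown="on"
    action.resumeRetryCount="-1"
)
```

Check the syntax with `rsyslogd -N1` before restarting the service. This forwards only messages that pass through syslog; files that a program writes directly under /var/log are not covered by this rule.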