April 6, 2022 at 7:17 pm #3249 Mike Riforgiate (Keymaster)
Configuring Syslog in McAfee Database Security Server to forward alerts to a SIEM or Syslog receiver
Solution
- Open the Database Security Console.
- Click System, Interfaces, Syslog.
- Set the following values:
  - Host: IP address of your All-In-One or Streamer Precinct VM
  - Port: 514
  - Transport: UDP
  - Maximum Packet Length: 64
  - Facilities: user
  - Format: CEF
- Enter the following details in the Alert Format Details field:
  CEF:0|McAfee|Database Security|$serverVersion$|alert|$rules.name:150$|$importance$| externalId=$id$ rt=$executionTime.time$ cs1=$database.name:20$ cs1Label=DBMS dst=$agent.ip$ src=$sourceIP$ duser=$execUser:20$ suser=$osUser:20$ shost=$sourceHost:30$ dproc=$execProgram:20$ act=$cmdType:15$ cs2=$operation:225$ cs2Label=SqlStatement cs3=$accessedObjects.name:200$ cs3Label=AccessedObjects
- Enter the following details in the Result Format Details field:
  CEF:0|McAfee|Database Security|$serverVersion$|va result|$rule.name:150$|$importance$|externalId=$id$ rt=$executionTime.time$ destinationServiceName=$database.name:20$ dhost=$database.vaHost$ cat=$rule.category.name$ msg=$shortErr$ cs1=$colBody1:20$ cs1Label=$colHeader1:20$ cs2=$colBody2:20$ cs2Label=$colHeader2:20$ cs3=$colBody3:20$ cs3Label=$colHeader3:20$ cs4=$colBody4:20$ cs4Label=$colHeader4:20$ cs5=$colBody5:20$ cs5Label=$colHeader5:20$ cs6=$colBody6:20$ cs6Label=$colHeader6:20$
- Click Save.
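A receiver-side check for the Alert Format template above, as an added example that is not part of the original post and is not vendor code: a small Python parser for the CEF line that arrives over syslog. It assumes the sender escapes `|` and `=` inside values as the CEF convention describes; the sample message and the names `parse_cef`, `unescape` and `SAMPLE` are constructed for illustration.

```python
import re

# CEF header field names, in order; the extension follows the seventh pipe.
HEADER = ("version", "vendor", "product", "device_version",
          "signature_id", "name", "severity")
# Seven header fields, each a run of escaped pairs or non-pipe characters, then the extension.
CEF = re.compile(r"CEF:" + r"((?:\\.|[^|\\])*)\|" * 7 + r"(.*)", re.S)
# Extension key: a word at the start or after whitespace, followed directly by '='.
KEY = re.compile(r"(?:^|(?<=\s))(\w+)=")


def unescape(value):
    # Undo CEF backslash escaping: \| \= \\ become the literal character, \n a newline.
    return re.sub(r"\\(.)", lambda m: "\n" if m.group(1) == "n" else m.group(1), value)


def parse_cef(line):
    """Parse one syslog line carrying a CEF event; any syslog prefix is skipped."""
    found = CEF.search(line)
    if not found:
        raise ValueError("no complete CEF header in line")
    event = dict(zip(HEADER, map(unescape, found.groups()[:7])))
    ext, fields = found.group(8), {}
    keys = list(KEY.finditer(ext))
    for n, m in enumerate(keys):
        # A value runs until the next key, so spaces inside it survive.
        end = keys[n + 1].start() if n + 1 < len(keys) else len(ext)
        fields[m.group(1)] = unescape(ext[m.end():end].strip())
    # Fold csNLabel pairs so cs2 is reported under the name the template gives it.
    for label in [k for k in fields if k.endswith("Label")]:
        base = label[:-len("Label")]
        if base in fields:
            fields[fields.pop(label)] = fields.pop(base)
    event["extension"] = fields
    return event


# Constructed sample shaped like the Alert Format template; every value is invented.
SAMPLE = (r"<14>Apr  6 19:17:00 dbsec CEF:0|McAfee|Database Security|0.0|alert|"
          r"Admin \| DBA login|3| externalId=1001 rt=1649272620000 cs1=ORCL "
          r"cs1Label=DBMS dst=192.0.2.5 src=192.0.2.99 duser=SYSTEM suser=jdoe "
          r"shost=ws01 dproc=sqlplus act=SELECT cs2=SELECT * FROM users WHERE id\=5 "
          r"cs2Label=SqlStatement cs3=users cs3Label=AccessedObjects")

if __name__ == "__main__":
    for name, value in parse_cef(SAMPLE)["extension"].items():
        print(f"{name}: {value}")
```

If a SQL statement arrives with an unescaped `=` after a space, the parser treats the preceding word as a new key, so a field count that differs from the template is a useful signal that escaping is not happening at the sender.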