Nebula platform & SIEM integration
Hi,
I wondered if (and how) it is possible to integrate Nebula platform log to a SIEM (may be through Open API?)
Thanks for sharing!
Accepted Solution
-
Hi @icsaucoapsa,
Thanks for your feedback. I will wait for your DM.
About your question:
- each device will send its syslog flow to the defined address individually, right?
> Yes, each device will send its syslog to the defined address individually. - Would it be possible that each device send its logs to Nebula and that Nebula send all of these syslogs aggregated to the syslog server of the customer?
> Actually, the device will send syslog to the syslog server directly when you enable syslog setting. And also will periodically update the syslogs to Nebula.
0 - each device will send its syslog flow to the defined address individually, right?
Zyxel Employee
All Replies
-
Hi @icsaucoapsa,
Which log do you want to integrate?
If you want to receive the device's logs, you could consider using the Syslog service to get the logs.
This feature is in Site-wide > General setting > Reporting > Syslog Server to set up.
Hope it helps.
0 -
Hi Melen,
Thanks for your quick answer.
In fact I'd like to integrate platform log (users log-in, change and delete from Nebula) as well as device (AP, switch…) state logs and client connections on AP.
Does this means that I need to collect syslog (and/or) API from nebula portal and also directly (syslog) from every single device?
In that case, it means I should create VPN from each site to my central SIEM + a secure link from Nebula Cloud.
0 -
Hi @icsaucoapsa,
Apology for the late reply.
May I know why you would like to integrate the Nebula platform log into a SIEM?
Is it for the information security audit? If yes, could you PM me what modus will be used to audit the platform logs? So I can help to clarify how to fulfill your requirement.For the device logs, you just need to configure the Syslog server setting in Site-wide > General setting > Reporting > Syslog Server. This will apply to all devices in your site.
0 -
Hi Melen,
my time to apologize…
Yes, it is for information security purpose. I'll DM you when I get the detailed case defined.
Regarding syslog:
- each device will send its syslog flow to the defined address individually, right?
- Would it be possible that each device send its logs to Nebula and that Nebula send all of these syslogs aggregated to the syslog server of the customer?
Regards,
0 -
Hi @icsaucoapsa,
Thanks for your feedback. I will wait for your DM.
About your question:
- each device will send its syslog flow to the defined address individually, right?
> Yes, each device will send its syslog to the defined address individually. - Would it be possible that each device send its logs to Nebula and that Nebula send all of these syslogs aggregated to the syslog server of the customer?
> Actually, the device will send syslog to the syslog server directly when you enable syslog setting. And also will periodically update the syslogs to Nebula.
0 - each device will send its syslog flow to the defined address individually, right?
Categories
- All Categories
- 415 Beta Program
- 2.4K Nebula
- 144 Nebula Ideas
- 94 Nebula Status and Incidents
- 5.6K Security
- 237 USG FLEX H Series
- 267 Security Ideas
- 1.4K Switch
- 71 Switch Ideas
- 1.1K Wireless
- 40 Wireless Ideas
- 6.3K Consumer Product
- 247 Service & License
- 384 News and Release
- 83 Security Advisories
- 29 Education Center
- 10 [Campaign] Zyxel Network Detective
- 3.2K FAQ
- 34 Documents
- 34 Nebula Monthly Express
- 83 About Community
- 71 Security Highlight
