Nebula platform & SIEM integration
Hi,
I wondered if (and how) it is possible to integrate the Nebula platform log into a SIEM (maybe through Open API?)
Thanks for sharing!
All Replies
-
Hi @icsaucoapsa,
Which log do you want to integrate?
If you want to receive the device's logs, you could consider using the Syslog service to get the logs.
This feature can be set up in Site-wide > General setting > Reporting > Syslog Server.
Hope it helps.
Zyxel Melen
0 -
Hi Melen,
Thanks for your quick answer.
In fact, I'd like to integrate the platform log (user log-ins, changes and deletions from Nebula) as well as device (AP, switch…) state logs and client connections on APs.
Does this mean that I need to collect syslog (and/or) API from the Nebula portal and also directly (syslog) from every single device?
In that case, it means I should create a VPN from each site to my central SIEM + a secure link from Nebula Cloud.
0 -
Hi @icsaucoapsa,
Apologies for the late reply.
May I know why you would like to integrate the Nebula platform log into a SIEM?
Is it for the information security audit? If yes, could you PM me what modus will be used to audit the platform logs? So I can help to clarify how to fulfill your requirement.
For the device logs, you just need to configure the Syslog server setting in Site-wide > General setting > Reporting > Syslog Server. This will apply to all devices in your site.
Zyxel Melen
0 -
Hi Melen,
My time to apologize…
Yes, it is for information security purposes. I'll DM you when I get the detailed case defined.
Regarding syslog:
- each device will send its syslog flow to the defined address individually, right?
- Would it be possible that each device sends its logs to Nebula and that Nebula sends all of these syslogs aggregated to the syslog server of the customer?
Regards,
0 -
Hi @icsaucoapsa,
Thanks for your feedback. I will wait for your DM.
About your question:
- each device will send its syslog flow to the defined address individually, right?
> Yes, each device will send its syslog to the defined address individually.
- Would it be possible that each device sends its logs to Nebula and that Nebula sends all of these syslogs aggregated to the syslog server of the customer?
> Actually, the device will send syslog to the syslog server directly when you enable the syslog setting. It will also periodically update the syslogs to Nebula.
Zyxel Melen
0
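
Since each device sends its syslog to the defined address individually, the collector in front of the SIEM sees one stream per device rather than one aggregated feed. The following is an added example, not part of the thread and not Zyxel code: it parses the standard syslog `<PRI>` header, groups events by sending address, and lists inventory devices that sent nothing. The addresses, the inventory list and the message bodies are constructed sample data, not real device logs.

```python
import re
from collections import defaultdict

# <PRI> header common to RFC 3164 and RFC 5424: PRI = facility * 8 + severity
PRI_RE = re.compile(r"^<(\d{1,3})>(.*)$", re.DOTALL)
SEVERITIES = ["emerg", "alert", "crit", "err", "warning", "notice", "info", "debug"]


def parse_pri(raw: bytes):
    """Return (facility, severity_name, rest), or None if the PRI header is invalid."""
    text = raw.decode("utf-8", errors="replace").strip()
    m = PRI_RE.match(text)
    if not m or int(m.group(1)) > 191:  # 23 * 8 + 7 is the highest valid PRI
        return None
    facility, severity = divmod(int(m.group(1)), 8)
    return facility, SEVERITIES[severity], m.group(2)


def summarize(datagrams, expected_senders):
    """Group events by sending device; report silent, unknown and rejected senders."""
    per_sender = defaultdict(list)
    rejected = []
    for sender_ip, raw in datagrams:
        parsed = parse_pri(raw)
        if parsed is None:
            rejected.append(sender_ip)  # malformed header: keep for review, do not ingest
            continue
        facility, severity, rest = parsed
        per_sender[sender_ip].append(
            {"facility": facility, "severity": severity, "msg": rest})
    silent = sorted(set(expected_senders) - set(per_sender))   # in inventory, no logs seen
    unknown = sorted(set(per_sender) - set(expected_senders))  # logging, not in inventory
    return dict(per_sender), silent, unknown, rejected


# Constructed sample input: (source address, UDP payload). Addresses come from
# documentation ranges; message bodies are invented, not real Zyxel log lines.
SAMPLE = [
    ("192.0.2.10", b"<134>Jan 12 10:00:01 ap-lobby client associated"),
    ("192.0.2.20", b"<131>Jan 12 10:00:02 sw-core port 4 link down"),
    ("192.0.2.10", b"<134>Jan 12 10:00:05 ap-lobby client disassociated"),
    ("198.51.100.7", b"<999>not a valid priority"),
    ("198.51.100.9", b"<14>Jan 12 10:00:09 unlisted-host test"),
]
EXPECTED = ["192.0.2.10", "192.0.2.20", "192.0.2.30"]  # hypothetical site inventory

if __name__ == "__main__":
    events, silent, unknown, rejected = summarize(SAMPLE, EXPECTED)
    for ip, evs in events.items():
        print(ip, len(evs), [e["severity"] for e in evs])
    print("silent:", silent, "unknown:", unknown, "rejected:", rejected)
```

A device that appears in `silent` has either not picked up the site-wide syslog setting or cannot reach the collector, which is the gap to check first when every device reports on its own.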