
I am interested in merging SNMP + Syslog data from the firewalls (SonicWALL) I manage. With this data, I would like to accomplish two things...
1. Monitor for security events and send alerts if / when appropriate
2. Generate and send regulatory (PCI) compliance reports...this includes performance stats such as Up Time / Down Time as well as security stats (e.g. Intrusions blocked / detected)...these stats would ideally be displayed in some form of chart
At present, SNMP data is being collected by Observium and Syslog data is being collected by Graylog. The question is where would it be best to merge the data so as to accomplish the goals outlined above.
Graylog has the ability to search its data and generate report widgets (i.e. tables / charts) which in turn can be placed on a Dashboard. If I take this approach I would need to send Observium's SNMP data to Graylog but I've not been able to figure out how to do so.
Observium has the ability to ingest Syslog data and alert on it, but it's unclear how I could use it to generate tables / charts for reporting purposes.
I would appreciate any thoughts / recommendations on either of the options listed here.

Hi,
Really, we recommend using Graylog for very big syslog installs. We have a good syslog collector, but Graylog has a much better search engine.
But anyway, just follow these instructions:
https://docs.observium.org/syslog/
https://docs.observium.org/config_options/#syslog-settings
An advantage of our syslog integration: you can set syslog alerts and auto-detect some entities in syslog entries (ports/BGP sessions).
Randy Schultz via observium wrote on 08.07.2020 21:48:
I am interested in merging SNMP + Syslog data from the firewalls (SonicWALL) I manage. With this data, I would like to accomplish two things...
- Monitor for security events and send alerts if / when appropriate
- Generate and send regulatory (PCI) compliance reports...this includes performance stats such as Up Time / Down Time as well as security stats (e.g. Intrusions blocked / detected)...these stats would ideally be displayed in some form of chart
At present, SNMP data is being collected by Observium and Syslog data is being collected by Graylog. The question is where would it be best to merge the data so as to accomplish the goals outlined above.
Graylog has the ability to search its data and generate report widgets (i.e. tables / charts) which in turn can be placed on a Dashboard. If I take this approach I would need to send Observium's SNMP data to Graylog but I've not been able to figure out how to do so.
Observium has the ability to ingest Syslog data and alert on it, but it's unclear how I could use it to generate tables / charts for reporting purposes.
I would appreciate any thoughts / recommendations on either of the options listed here.
-- Randy Schultz
participants (2)
- Mike Stupalov
- Randy Schultz