2 Replies Latest reply on Nov 21, 2016 8:26 AM by hitnrunxx

    Agent Log Forwarding?

    hitnrunxx

      In our environment, we are about to have three different networks. For simplicity, I will call them A, B, and C.

       

      The situation:

      Network A can talk to Network B.

      Network B can talk to Network C.

      Network A may not, under any circumstances, talk to Network C.

       

      Network C is our primary network, and is where our LEM resides. We need to collect logs from the devices in Network A. What is the best practice?

       

      Some products allow a "log forwarder" that you would set up in Network B to collect those Network A logs and pass them on to Network C. Doing some research (and speaking to support), it sounds like the LEM only supports SYSLOG forwarding, and does not have any options for Agent-Data Log Forwarding. Is this correct? Has anyone run into a similar issue, and if so, how did you overcome it? (Support's suggestion is a completely separate LEM that sits in Network B, and does not interact with the existing LEM).

        • Re: Agent Log Forwarding?
          curtisi

          So, if I read that right, you've defined...

           

          A → B → C.

           

          Can communication go back?  Is it just that one direction or can we do...?

           

          A ↔ B ↔ C

           

          If B can communicate both ways with A and C, it seems like LEM ought to live in network B "on top of the wall" where it can see both sides.

          • Re: Agent Log Forwarding?
            hitnrunxx

            Sorry about the delay. It never notified me I had a response, and that project was temporarily suspended in lieu of another project.

             

            To get back into the discussion as time is coming up, you are correct that the communication goes both ways:

             

            A ↔ B ↔ C

             

            I appreciate your solution and it is a good thought. The downside (that I neglected to mention) is that there is also a DMZ Z that is only able to communicate (both ways) with A. So moving the LEM into the newer B Network (essentially another DMZ) is not as feasible. That's why I was hoping for a log-forwarder option. Something that could collect and forward the logs to the LEM without actually having to build another, separate, LEM instance.

             

            Thank you for your input and reply.