3 Replies Latest reply on Apr 27, 2012 3:35 PM by rand000

    Sending syslog/events from Bit9 parity to Solarwinds LEM

    rand000

      Has anyone had success doing this? We are having a hard time making this work.

        • Re: Sending syslog/events from Bit9 parity to Solarwinds LEM
          nicole pauls

          We'll create a KB for this one once we've been able to confirm the instructions. Basically, you'll need to configure the Bit9 Parity system to syslog, then configure the Bit9 Parity syslog connector on the LEM appliance (or syslog server agent node).

           

          To configure bit9 to syslog (you should enter the LEM appliance or syslog server's IP under "IP address" and the default port of 514 should be correct):

          Forwarding events to syslog is done through the Server Status view on the System Configuration page. This page displays information about the Parity Server and allows edition of several parameters. To configure syslog, click Edit at the bottom of the page and tick the "Syslog enabled" check box and enter the IP address next to "Syslog address". verify that the "Syslog port" entry is correct and click "Update".

          After doing that, go to Manage > Appliances (assuming you're syslogging to the LEM appliance directly), click the gear and choose "Tools", then navigate to the "Data Loss Prevention" section, click the Gear next to "Bit9 Parity v5+ Syslog" and choose "New". You should be able to just hit save (unless you need/want to change the name) and then click Gear > Start to start the monitoring.

           

          It's of course possible that Bit9 has changed things since our initial integration, so if you run into problems, let us know.

           

          You might be the same person that contacted support for help. If so, and they do solve your problem, post back here and let us know how.