Question & Answer
Question
I want to use centralized monitoring of IBM Security Guardium, but can Guardium messages be sent to different recipient servers according to specific criteria?
Answer
Yes. However, message priority is the only criterion you can use to send messages to different servers, because the majority of messages issued by the Guardium appliance come from the daemon message facility.
The standard IBM Guardium severity codes for alerts and violations map as follows:
IBM Guardium Severity | Syslog priority |
INFO | info |
LOW | warning |
MED | err |
HIGH | alert |
The CLI command to configure remote syslog messages is:
store remotelog add non-encrypted|encrypted <facility.priority> <host[:port]> <tcp|udp>
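The following is an added example, not part of the IBM document: on a receiving server, the number in the `<PRI>` header of each syslog message encodes facility and priority as facility * 8 + severity code, so a receiver can recover the Guardium severity from the table above. The numeric codes are the standard syslog ones; the function names, sample lines, host names and message text are constructed for illustration.

```python
import re

DAEMON = 3  # standard syslog facility code for "daemon"
# Standard syslog severity codes for the four priorities in the table above.
SEVERITY_CODE = {"alert": 1, "err": 3, "warning": 4, "info": 6}
# The table above: Guardium severity -> syslog priority.
GUARDIUM_TO_PRIORITY = {"INFO": "info", "LOW": "warning", "MED": "err", "HIGH": "alert"}

CODE_TO_PRIORITY = {code: name for name, code in SEVERITY_CODE.items()}
PRIORITY_TO_GUARDIUM = {p: g for g, p in GUARDIUM_TO_PRIORITY.items()}
PRI_HEADER = re.compile(r"^<(\d{1,3})>")


def selector_for(guardium_severity):
    """Return the <facility.priority> string for a Guardium severity."""
    return "daemon." + GUARDIUM_TO_PRIORITY[guardium_severity]


def classify(line):
    """Decode the PRI header of a raw syslog line.

    Returns (facility code, priority name or None, Guardium severity or None).
    The Guardium severity is only filled in for daemon-facility messages whose
    priority appears in the table.
    """
    match = PRI_HEADER.match(line)
    if match is None or int(match.group(1)) > 191:
        raise ValueError("missing or invalid syslog PRI header")
    facility, code = divmod(int(match.group(1)), 8)
    priority = CODE_TO_PRIORITY.get(code)
    guardium = PRIORITY_TO_GUARDIUM.get(priority) if facility == DAEMON else None
    return facility, priority, guardium


# Constructed sample lines; host name and message text are placeholders.
SAMPLES = [
    "<25>Jun 16 10:00:01 collector01 app: sample message A",  # daemon.alert
    "<27>Jun 16 10:00:02 collector01 app: sample message B",  # daemon.err
    "<28>Jun 16 10:00:03 collector01 app: sample message C",  # daemon.warning
    "<30>Jun 16 10:00:04 collector01 app: sample message D",  # daemon.info
    "<14>Jun 16 10:00:05 otherhost app: sample message E",    # user.info, not daemon
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(classify(sample), sample)
```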
Document Information
Modified date:
16 June 2018
UID
swg21647605