Highlighted
Absent Member.
Absent Member.
342 views

Peer Loggers - Can they be setup for one direction searches?

Jump to solution

I work in an enviroment where we are the Global SOC, and support multiple regional SOC's, each with different customers.  Each of the regional SOC's have their own Loggers.  We also have a Global SOC Logger for certain events. We would like to use loggers to their fullest potential and allow peering, however at the present time we can not due to Logger not allowing ACL's from my understanding.

My question is; Is there a way to setup peer loggers where you have a Master / Slave relationship?  Where as the Master can search/view the Slave logger, but the Slave logger can not view the Masters events?

Thanks

Labels (1)
0 Likes
Reply
1 Solution

Accepted Solutions
Highlighted
Absent Member.
Absent Member.

Re: Peer Loggers - Can they be setup for one direction searches?

Jump to solution

John,

We have the same set up here with a Federated environment. We prevent upstream searches by using security enclaves with blocks on search traffic (port 443) to the master system at our firewalls in the enclave. That way we set up peer relationships from here to division, allow them to peer their loggers, us to peer all loggers and the division not to peer outside of their designated loggers.

View solution in original post

0 Likes
Reply
1 Reply
Highlighted
Absent Member.
Absent Member.

Re: Peer Loggers - Can they be setup for one direction searches?

Jump to solution

John,

We have the same set up here with a Federated environment. We prevent upstream searches by using security enclaves with blocks on search traffic (port 443) to the master system at our firewalls in the enclave. That way we set up peer relationships from here to division, allow them to peer their loggers, us to peer all loggers and the division not to peer outside of their designated loggers.

View solution in original post

0 Likes
Reply
The opinions expressed above are the personal opinions of the authors, not of Micro Focus. By using this site, you accept the Terms of Use and Rules of Participation. Certain versions of content ("Material") accessible here may contain branding from Hewlett-Packard Company (now HP Inc.) and Hewlett Packard Enterprise Company. As of September 1, 2017, the Material is now offered by Micro Focus, a separately owned and operated company. Any reference to the HP and Hewlett Packard Enterprise/HPE marks is historical in nature, and the HP and Hewlett Packard Enterprise/HPE marks are the property of their respective owners.