Welcome to the #dominoforever Product Ideas Lab! This is the place where you can submit product ideas and enhancement requests. We encourage you to participate by voting on, commenting on, and creating new ideas. All new ideas will be evaluated jointly by the IBM & HCL Product Management & Engineering teams, and the next steps will be communicated. While not all submitted ideas will be executed upon, community feedback will play a key role in influencing which ideas are implemented and when.

For more information and upcoming events around #dominoforever, please visit our Destination Domino page.


Ability for Domino server logs to be sent to Syslog server McAfee SIEM

Ability for sending Domino server logs to Syslog server McAfee SIEM


(A) Information found that seems to imply that the action requested is not supported yet:
Identified existing Enhancement Request
Lotus Notes SPR # NASS9Y7T2V - APAR LO85586
Domino Server To Have A Syslog Client Functionality

 
(B) Information found that seems to imply that the action can be achieved somehow:
(1) UNIX blogger referring to a way to send Domino logs to syslog, but it seems to be UNIX-specific, not Windows-specific:
Sending Domino logs to syslog
http://lpar.ath0.com/2011/07/19/sending-domino-logs-to-syslog/

(2) Identified Technote with info about the equivalence between Domino severities and UNIX syslog severities:
How do UNIX syslog severities map to Domino severities when using the "Log to Unix System Log" Event Notification feature?
http://www-01.ibm.com/support/docview.wss?uid=swg21208005

(3) Identified indications that QRadar could be configured to discover incoming syslog events from an IBM Lotus Domino device once SNMP Services are configured, but I would not know how this translates to a McAfee SIEM syslog server.
You can integrate an IBM Lotus Domino® device with IBM Security QRadar. An IBM Lotus Domino device accepts events using SNMP.
ftp://public.dhe.ibm.com/software/security/products/qradar/documents/71MR1/LogMgr/QRadar_71MR1_DSMConfigurationGuide.pdf


Other relevant information:
syslog uses UDP, listening on port 514
SNMP uses UDP, listening on port 161

syslog - Wikipedia article
https://en.wikipedia.org/wiki/Syslog
When operating over a network, syslog implements a client-server application structure where the server listens on a well-known or registered port for protocol requests from clients. Historically the most common Transport Layer protocol for network logging has been User Datagram Protocol (UDP), with the server listening on port 514. As UDP lacks congestion control mechanisms, support for Transport Layer Security is required to implement and also recommended for general use[10] on Transmission Control Protocol port 6514.[11]

Simple Network Management Protocol - Wikipedia article
https://en.wikipedia.org/wiki/Simple_Network_Management_Protocol
Protocol details
SNMP operates in the application layer of the Internet protocol suite. All SNMP messages are transported via User Datagram Protocol (UDP). The SNMP agent receives requests on UDP port 161. The manager may send requests from any available source port to port 161 in the agent. The agent response is sent back to the source port on the manager. The manager receives notifications (Traps and InformRequests) on port 162. The agent may generate notifications from any available port. When used with Transport Layer Security or Datagram Transport Layer Security, requests are received on port 10161 and notifications are sent to port 10162.[3]

SNMPv1 specifies five core protocol data units (PDUs). Two other PDUs, GetBulkRequest and InformRequest were added in SNMPv2 and the Report PDU was added in SNMPv3. All SNMP PDUs are constructed as follows:

The Domino SNMP Agent (Domino Administration Help Manual)
https://www.ibm.com/support/knowledgecenter/SSKTMJ_9.0.1/admin/admn_thedominosnmpagent_c.html

Development team advised to raise an enhancement request to support this functionality.

From Development: as your research showed, there is no documented way for Domino on Windows to send information to syslog server McAfee SIEM. Sounds like an enhancement/feature request.

  • Guest
  • Aug 3 2018
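As an added illustration (not part of the original request and not IBM/HCL code), the sketch below shows what an external forwarder has to do to turn Domino events into syslog messages for a collector listening on UDP 514. The severity mapping, the `domino01` host name, the `local0` facility and the sample events are assumptions made for the example; the mapping is not copied from the technote referenced above.

```python
import socket
from datetime import datetime, timezone

# ASSUMPTION: illustrative Domino -> syslog severity mapping, not taken from
# the technote cited in the post; replace with the documented mapping.
DOMINO_TO_SYSLOG = {"Fatal": 2, "Failure": 3, "Warning (high)": 4,
                    "Warning (low)": 5, "Normal": 6}
FACILITY_LOCAL0 = 16   # local0, a facility left for site-defined use
MAX_DATAGRAM = 2048    # message size RFC 5424 says receivers should accept


def to_syslog(severity, text, host, when, app="domino"):
    """Format one event as an RFC 5424 syslog message (bytes)."""
    sev = DOMINO_TO_SYSLOG.get(severity, 5)      # unknown severity -> notice
    pri = FACILITY_LOCAL0 * 8 + sev              # PRI = facility * 8 + severity
    stamp = when.astimezone(timezone.utc).strftime("%Y-%m-%dT%H:%M:%SZ")
    # Replace control characters so one event cannot be split into several
    # records by an embedded newline.
    clean = "".join(c if c.isprintable() else " " for c in text)
    raw = f"<{pri}>1 {stamp} {host} {app} - - - {clean}".encode("utf-8")
    # Truncate to the datagram limit without leaving a partial UTF-8 character.
    return raw[:MAX_DATAGRAM].decode("utf-8", "ignore").encode("utf-8")


def forward(events, collector, host):
    """Send (severity, text, datetime) events to collector=(ip, port) over UDP."""
    sent = 0
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        for severity, text, when in events:
            sock.sendto(to_syslog(severity, text, host, when), collector)
            sent += 1
    return sent


# Constructed sample events (not real Domino output).
SAMPLE = [
    ("Failure", "Router: unable to deliver message\nsecond line of same event",
     datetime(2018, 8, 3, 10, 15, 2, tzinfo=timezone.utc)),
    ("Normal", "Server started",
     datetime(2018, 8, 3, 10, 16, 0, tzinfo=timezone.utc)),
]

if __name__ == "__main__":
    # 127.0.0.1:514 is a placeholder; point it at the SIEM's syslog receiver.
    print(forward(SAMPLE, ("127.0.0.1", 514), "domino01"), "events sent")
```

UDP delivery is unacknowledged, so a forwarder like this cannot tell whether the collector received an event.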