Video Screencast Help
Search Video Help Close Back
to help

Windows central log collection by SSIM

Created: 11 Oct 2012 | 8 comments
Ashif.a's picture
Ashif.a
0 0 Votes
Login to vote

hi,

is it possible to collect windows logs on a windows central server.

if we install and configure ssim on that windows central server will ssim manager be able to collect logs from all the servers.

will the logs be segregated based on the server name / ip address.

Discussion Filed Under:
, ,

Comments 8 CommentsJump to latest comment

Avkash K's picture
Avkash K Partner
Windows central log collection by SSIM - Comment:11 Oct 2012 : Link

Yes, it is possible to configure the single windows server to fetch the logs from other servers.

You need to install Agent & collector on single server & that server wil remotly fetch the logs from other server.

In the logs you can differentiate the logs for all servers from collection device IP field which will be diff for servers.

 

Please refer below links.

https://www-secure.symantec.com/connect/articles/ssim-integration-strategies-windows

Regards,

Avkash K

+1
Login to vote
  • Actions
Ashif.a's picture
Ashif.a
Windows central log collection by SSIM - Comment:11 Oct 2012 : Link

thanks for the info. Which version of SIM does it support this. Is it supported on SSIM 4.3,4.6?

Regards,

Ashif

0
Login to vote
  • Actions
Avkash K's picture
Avkash K Partner
Windows central log collection by SSIM - Comment:11 Oct 2012 : Link

this all details which i have shared is tested for 4.7.3.

Regards,

Avkash K

0
Login to vote
  • Actions
P4Amdik19's picture
P4Amdik19
Windows central log collection by SSIM - Comment:11 Oct 2012 : Link

Dear Ashif.a

The Integration strategies will be the same for all SSIM versions..

Thanks & Regards

Pratik Mahadik

+1
Login to vote
  • Actions
Ronaldo.Santos's picture
Ronaldo.Santos
Windows central log collection by SSIM - Comment:24 Oct 2012 : Link

Hi people,

 

In case for windows server 2008?

0
Login to vote
  • Actions
sviridov's picture
sviridov Partner Accredited
Windows central log collection by SSIM - Comment:25 Oct 2012 : Link

see Microsoft_Vista_and_Win_2008_Svr_v4.4.11_MSVista_MSWIN2k8Svr_EN

All my posts are made by google translator!

0
Login to vote
  • Actions
Ronaldo.Santos's picture
Ronaldo.Santos
Windows central log collection by SSIM - Comment:25 Oct 2012 : Link

But this manual don,t explain collector central.

Do you need install agent and collector for each windows?

can you centralize in a Windows server 2008, for catch logs more windows server?

0
Login to vote
  • Actions
antilles's picture
antilles Partner Accredited
Windows central log collection by SSIM - Comment:25 Oct 2012 : Link

Most of available event collectors is able to gather logs remotely, but you must remember about Symantec's recommendation described in this KB article: http://www.symantec.com/docs/TECH89865

Moreover, single SSIM appliance cannot handle thousands encrypted connections from remote Agents so if somebody is planning to deploy SSIM architecture with several hundreds of Agents then he/she should revise it immediately...
KB: http://www.symantec.com/docs/TECH132954

Regarding the question - Yes, Windows Vista & Windows 2008 Event Collector is able to collect events remotely, so it's possible to setup single off-box Agent with this collector and configure up to 35 its instances called sensors. It's possible to configure more sensors per single Agent but 30/35 is the recommended number.
There are several KB articles with guidelines how to do it in different scenarios...

Regards

0
Login to vote
  • Actions