Configure ELA to receive SEPM logs
Per the website, it states: "Collects logs from heterogeneous sources (Windows systems, Unix/Linux systems, Applications, Databases, Routers, Switches and other Syslog devices) at a centralized location".
Per PCI 5.2.d, I have to retain AV software logs. I'm looking around and do not see how to set ELA as the external syslog server. I already have an agent installed on my SEPM server collecting the Windows logs. Any idea as to how to set this up correctly?
I understand that SEPM backs up the logs, and they are available for 90 days prior to archival, but the problem is that the backup location is on the C:\ drive by default and you can't change that without moving the entire Data folder to another drive. This would entail providing another VHD for my VM to use, and I would rather just have ELA handle the retention since I have it set up for PCI compliance anyway. This way all my PCI logs are in one place. I can always check SEPM for the first 90 days, then ELA for the other 9 months.
SEPM 12.1.4013 settings screenshots attached.