Documentation for Security Event Manager

Complex deployment example with multiple syslog servers

The following deployment example uses two syslog servers located in different cities. SEM can capture logs from multiple remote locations across wide area network (WAN) links. Because the SEM Agent includes built-in encryption, compression, and buffering capabilities, logs can be collected over these links securely and efficiently.

Instead of using the syslog server built in to the SEM Manager component, this design calls for one syslog server per location. When using a detached syslog server, you need to install a SEM Agent on each detached server, and then enable the appropriate connectors on the SEM Agent. Following configuration, the SEM connectors normalize raw log messages into SEM events.

If you cannot add new logging hosts on your network devices due to restrictive change management processes, consider implementing this multi-syslog-server deployment example to leverage your existing syslog servers.