Documentation for Security Event Manager

Complex deployment

A complex deployment uses two syslog servers located in different cities. SEM can capture logs from multiple remote locations across wide area network (WAN) links. Because the SEM agent includes built-in encryption, compression, and buffering capabilities, this deployment can be implemented securely and efficiently.

Instead of using the syslog server built in to SEM Manager, this deployment uses one syslog server for each location. If you implement a detached syslog server, install a SEM agent on each detached server. When you are finished, enable the appropriate connectors on the SEM agent.

After you complete and implement this configuration, the SEM connectors will normalize raw log messages into SEM events.

If you cannot add new logging hosts on your network devices due to restrictive change management processes, consider implementing this multi-syslog server deployment to leverage your existing syslog servers.