Configure Aria Operations for Logs to send operating system logs to an external Splunk collector

Article ID: 414987

Updated On:

Products

VMware Aria Suite

Issue/Introduction

There is a requirement to send Operations for Logs appliance logs to a third party, like Splunk, for security monitoring.

Environment

Aria Operations for Logs 8.18.x

Resolution

The steps to achieve this can be found in the KB below:

Additional Information

For clarity, the flow of logs will be: LI Agent -> Operations for Logs -> Log Forwarding -> Splunk

Ensure that a full list of required logs is available from the security team. This will allow you to configure the agent accurately in the Operations for Logs UI. Log Forwarding information can be found below:

An agent can be configured to send logs to a third party via the syslog protocol; however, the agent must also send the logs to the cluster. That process is detailed below: