Forum Discussion
Glad to see this formally built out by LogicMonitor at this point
This isn’t supported by LM. It’s got the same level of support as any custom module built by any LM customer. Wish it was.
Now - when are we finally going to get formal support for ingesting Collector logs into LM Logs? I’d love to leverage anomalies with Collector log data.
Completely agree. Pushing audit logs and collector logs into LM Logs should be a no-brainer and should either be the default, or require only a checkbox, provided those logs don’t count against license counts. That should be pretty easy by having metadata provided with the log that excludes it from counts.
Also, offloading logs would be nice. Our SOC has requested we ship logs to our SIEM, but there is no real easy way to accomplish this.
You could create a datasource to query the logs and push them to your SIEM’s API log ingestion endpoint (assuming it has one). You would want to use the script cache to carry forward the timestamp of the last log sent during the previous poll. You can use this as an example.
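The checkpointing that reply describes, as an added example that is not part of the original thread and is not LogicMonitor code: Python stands in for the datasource script and `DictCache` for the collector script cache. `fetch_since`, `send_batch`, the cache key and the `ts`/`id` log fields are assumed names, and the sample entries are constructed.

```python
import json

CHECKPOINT_KEY = "siem_forwarder.checkpoint"  # hypothetical cache key

# Constructed sample entries; "ts" and "id" are assumed field names.
SAMPLE_LOGS = [
    {"ts": 100, "id": "a", "msg": "user login"},
    {"ts": 100, "id": "b", "msg": "device added"},
    {"ts": 105, "id": "c", "msg": "alert rule changed"},
]

class DictCache:
    """Stand-in for the script cache: string values kept between polls."""
    def __init__(self):
        self._data = {}
    def get(self, key):
        return self._data.get(key)
    def set(self, key, value):
        self._data[key] = str(value)

def forward_new_logs(fetch_since, send_batch, cache, batch_size=100):
    """Run one poll and return how many entries the SIEM accepted.

    fetch_since(ts) returns entries with entry["ts"] >= ts (assumed).
    send_batch(batch) returns True only if the SIEM accepted the batch.
    """
    raw = cache.get(CHECKPOINT_KEY)
    state = json.loads(raw) if raw else {"ts": 0, "ids": []}
    # Query inclusively so entries sharing the checkpoint timestamp are not
    # lost, then drop the ids already sent at that timestamp.
    logs = sorted(fetch_since(state["ts"]), key=lambda e: (e["ts"], e["id"]))
    pending = [e for e in logs if e["ts"] > state["ts"]
               or (e["ts"] == state["ts"] and e["id"] not in state["ids"])]
    sent = 0
    for i in range(0, len(pending), batch_size):
        batch = pending[i:i + batch_size]
        if not send_batch(batch):
            break  # checkpoint stays put; the next poll retries this batch
        for e in batch:
            if e["ts"] > state["ts"]:
                state = {"ts": e["ts"], "ids": []}
            state["ids"].append(e["id"])
        # Persist only after the SIEM accepted the batch.
        cache.set(CHECKPOINT_KEY, json.dumps(state))
        sent += len(batch)
    return sent
```

Advancing the checkpoint only after an accepted batch means a SIEM outage delays delivery rather than dropping audit entries, and tracking ids at the checkpoint timestamp avoids both duplicates and gaps when several entries share one timestamp.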