HPE Community
IMC
1849253 Members
4776 Online
104042 Solutions
New Discussion

IMC correlated alarms (integration with siem)

 
pauliusz
Occasional Visitor

‎01-20-2020 02:34 AM

‎01-20-2020 02:34 AM

IMC correlated alarms (integration with siem)

We are looking for integration HPe IMC with LogRhythm, the purpose of this integration is to see IMC correlated alarms in LogRhythm SIEM.

I find the path where we can find all IMC logs C:\Program Files\iMC\server\conf\log\, but here I can‘t find any alert logs. In log file imcnetresdmxxx.xx.xx I can find information about network device reboot or power on, but the problem is that here we get information only then when device is up after power off.

 

I am looking for information where I can find logs which can show information when network device started to be not reachable. Thanks in advance.

0 Kudos
1 REPLY 1
jguse
HPE Pro

‎01-20-2020 04:49 AM

‎01-20-2020 04:49 AM

Re: IMC correlated alarms (integration with siem)

Hello,

I would not recommend trying to correlate iMC Alarms with a SIEM using the logfiles on the iMC system. These logs are primarily intended for use by Support and Engineering to troubleshoot issues.

As far as I can see, LogRhythm supports SNMP as an event source. Hence you should be able to set up iMC's Alarm Forwarding feature to forward all Alarms as SNMPv1 Traps to the LogRhythm software. That can be configured under Alarm > Alarm Settings > Alarm Notification > Add Alarm Forwarding rule.

Here is an example for you, where we forward only the 'device does not respond to poll packets' alarm:

Alarm-Forward-Logrhythm.png

Hope that helps.

Best regards,
Justin

Working @ HPE
Accept or Kudo
0 Kudos
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.