Nemesida WAF can be integrated with external SIEM systems. To do this, you need to configure the collection of events from all servers where Nemesida WAF is installed. There are several ways to do this:
Setting up a centralized operation events using Nemesida WAF Cabinet
The Enterprise plan allows you to organize centralized collection, storage and processing of logs of all Nemesida WAF components using the capabilities of the Nemesida WAF API and Nemesida WAF Cabinet. For for Light and Business plans, the collection of events and their centralized sending to a remote server can be configured independently using standard tools, for example,
Rsyslog
.
The organization of centralized collection, storage and processing of logs of all components of Nemesida WAF is available by default and does not require additional configuration, it is enough to update all components to the current version. After updating the components, the corresponding functionality will be available in the Nemesida WAF Cabinet. To integrate the functionality with external SIEM systems, the Nemesida WAF API is used.
Setting up a centralized event collection using Rsyslog
Rsyslog
is a powerful, secure and high–performance log processing system that accepts data from various sources (systems and applications). It works according to the “client-server” model, so it can be configured as a client or server for centralized logging of other servers, network devices and remote applications. Today we will configure the interaction of two servers (client and server) for centralized storage of logs of Nemesida WAF modules.
The server with the IP address
10.0.0.1
is used for example as a centralized event storage server.