Ability to send Domino server logs to a syslog server (McAfee SIEM)
(A) Information found that seems to imply that the requested action is not supported yet:
Identified existing Enhancement Request
Lotus Notes SPR # NASS9Y7T2V - APAR LO85586
Domino Server To Have A Syslog Client Functionality
(B) Information found that seems to imply that the action can be achieved somehow:
(1) A UNIX blogger describing a way to send Domino logs to syslog, but it seems to be UNIX-specific, not Windows-specific:
Sending Domino logs to syslog
http://lpar.ath0.com/2011/07/19/sending-domino-logs-to-syslog/
(2) Identified a Technote with information about the mapping between Domino severities and UNIX syslog severities:
How do UNIX syslog severities map to Domino severities when using the "Log to Unix System Log" Event Notification feature?
http://www-01.ibm.com/support/docview.wss?uid=swg21208005
(3) Identified indications that QRadar can be configured to discover incoming syslog events from an IBM Lotus Domino device once SNMP services are configured, but I would not know how this translates to a McAfee SIEM syslog server.
You can integrate an IBM Lotus Domino® device with IBM Security QRadar. An IBM Lotus Domino device accepts events using SNMP.
ftp://public.dhe.ibm.com/software/security/products/qradar/documents/71MR1/LogMgr/QRadar_71MR1_DSMConfigurationGuide.pdf
Other relevant information:
syslog uses UDP, listening on port 514
SNMP uses UDP, listening on port 161
syslog - Wikipedia article
https://en.wikipedia.org/wiki/Syslog
When operating over a network, syslog implements a client-server application structure where the server listens on a well-known or registered port for protocol requests from clients. Historically the most common Transport Layer protocol for network logging has been User Datagram Protocol (UDP), with the server listening on port 514. As UDP lacks congestion control mechanisms, support for Transport Layer Security is required to implement and also recommended for general use[10] on Transmission Control Protocol port 6514.[11]
Simple Network Management Protocol - Wikipedia article
https://en.wikipedia.org/wiki/Simple_Network_Management_Protocol
Protocol details
SNMP operates in the application layer of the Internet protocol suite. All SNMP messages are transported via User Datagram Protocol (UDP). The SNMP agent receives requests on UDP port 161. The manager may send requests from any available source port to port 161 in the agent. The agent response is sent back to the source port on the manager. The manager receives notifications (Traps and InformRequests) on port 162. The agent may generate notifications from any available port. When used with Transport Layer Security or Datagram Transport Layer Security, requests are received on port 10161 and notifications are sent to port 10162.[3]
SNMPv1 specifies five core protocol data units (PDUs). Two other PDUs, GetBulkRequest and InformRequest were added in SNMPv2 and the Report PDU was added in SNMPv3. All SNMP PDUs are constructed as follows:
The Domino SNMP Agent (Domino Administration Help Manual)
https://www.ibm.com/support/knowledgecenter/SSKTMJ_9.0.1/admin/admn_thedominosnmpagent_c.html
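As an added example that is not part of this request nor HCL/IBM code, the script below shows the approach the research above points at (console log lines wrapped into RFC 5424 syslog and pushed to a collector), for the case where no native Domino syslog client exists. It assumes the Domino console log is available as plain text and that the McAfee SIEM collector listens on UDP 514 or TLS on TCP 6514 as quoted above; the sample log lines and the keyword-based severity mapping are constructed assumptions, since the real Domino-to-syslog mapping lives in the linked Technote and is not reproduced here.

```python
import socket
import ssl
from datetime import datetime, timezone

LOCAL0 = 16  # syslog facility local0; PRI = facility * 8 + severity (RFC 5424)
SEVERITY = {"emerg": 0, "alert": 1, "crit": 2, "err": 3,
            "warning": 4, "notice": 5, "info": 6, "debug": 7}

# Constructed sample lines in the style of a Domino console log (not real output)
SAMPLE_LINES = [
    "08/23/2018 11:32:10 AM  HTTP Server: Started",
    "08/23/2018 11:32:41 AM  Router: Error delivering to mail/user.nsf",
]

def severity_for_line(line):
    """Keyword heuristic (assumption): the real Domino-to-syslog severity mapping
    is in the IBM Technote linked above and is not reproduced on this page."""
    text = line.lower()
    if "error" in text or "failed" in text:
        return "err"
    if "warning" in text:
        return "warning"
    return "info"

def build_syslog_message(line, hostname, app="domino", facility=LOCAL0,
                         severity=None, when=None):
    """Wrap one console log line into an RFC 5424 syslog message (bytes)."""
    pri = facility * 8 + SEVERITY[severity or severity_for_line(line)]
    ts = (when or datetime.now(timezone.utc)).isoformat(timespec="seconds")
    # <PRI>VERSION TIMESTAMP HOSTNAME APP-NAME PROCID MSGID STRUCTURED-DATA MSG
    return f"<{pri}>1 {ts} {hostname} {app} - - - {line.strip()}".encode()

def frame_for_tls(msg):
    """Octet-counting framing ("LEN SP MSG") used for syslog over TLS (RFC 5425)."""
    return f"{len(msg)} ".encode("ascii") + msg

def forward_lines(lines, collector, hostname, port=514, use_tls=False):
    """UDP/514 by default (no integrity or confidentiality); TLS on TCP/6514 as
    the syslog excerpt above recommends. Returns the number of messages sent."""
    msgs = [build_syslog_message(l, hostname) for l in lines if l.strip()]
    if not use_tls:
        with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
            for m in msgs:
                sock.sendto(m, (collector, port))
        return len(msgs)
    ctx = ssl.create_default_context()  # verifies the collector's certificate
    with socket.create_connection((collector, port)) as raw, \
            ctx.wrap_socket(raw, server_hostname=collector) as tls:
        for m in msgs:
            tls.sendall(frame_for_tls(m))
    return len(msgs)
```

A call such as `forward_lines(SAMPLE_LINES, "siem.example.test", "domino01", port=6514, use_tls=True)` sends the constructed lines over TLS; the UDP path is only appropriate on a trusted management network because anyone on the path can inject or read messages.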
Development team advised raising an enhancement request to support this functionality
From Development: as your research showed, there is no documented way for Domino on Windows to send information to a syslog server (McAfee SIEM). Sounds like an enhancement/feature request.
Hello Domino Team, is there an update on this? This ER has been with your team since Aug 2018 and it looks like no work on the ER has been done till this time?
There should be the ability to integrate Domino with a SIEM. HCL should write parsers to support the most popular SIEM vendors.
SNMP exists in Domino, but the schema has not been updated since version 6 of Domino.