Ability to send Domino server logs to a syslog server (McAfee SIEM)
(A) Information found that seems to imply that the action requested is not supported yet
Identified existing Enhancement Request
Lotus Notes SPR # NASS9Y7T2V -APAR LO85586
Domino Server To Have A Syslog Client Functionality
(B) Information found that seems to imply that the action can be achieved somehow:
(1) UNIX blogger referring to a way to send Domino logs to syslog, but it seems to be UNIX-specific, not Windows-specific
Sending Domino logs to syslog
(2) Identified Technote with information about the equivalence between Domino severities and UNIX syslog severities:
How do UNIX syslog severities map to Domino severities when using the "Log to Unix System Log" Event Notification feature?
(3) Identified indications that QRadar could be configured to discover incoming syslog events from an IBM Lotus Domino device once SNMP services are configured, but I would not know how this translates to a McAfee SIEM syslog server.
You can integrate an IBM Lotus Domino® device with IBM Security QRadar. An IBM Lotus Domino device accepts events using SNMP.
Other relevant information:
syslog uses UDP listening on port 514
SNMP uses UDP listening on port 161
Syslog - Wikipedia article
When operating over a network, syslog implements a client-server application structure where the server listens on a well-known or registered port for protocol requests from clients. Historically the most common Transport Layer protocol for network logging has been User Datagram Protocol (UDP), with the server listening on port 514. As UDP lacks congestion control mechanisms, support for Transport Layer Security is required to implement and also recommended for general use on Transmission Control Protocol port 6514.
Simple Network Management Protocol - Wikipedia article
SNMP operates in the application layer of the Internet protocol suite. All SNMP messages are transported via User Datagram Protocol (UDP). The SNMP agent receives requests on UDP port 161. The manager may send requests from any available source port to port 161 in the agent. The agent response is sent back to the source port on the manager. The manager receives notifications (Traps and InformRequests) on port 162. The agent may generate notifications from any available port. When used with Transport Layer Security or Datagram Transport Layer Security, requests are received on port 10161 and notifications are sent to port 10162.
SNMPv1 specifies five core protocol data units (PDUs). Two other PDUs, GetBulkRequest and InformRequest were added in SNMPv2 and the Report PDU was added in SNMPv3. All SNMP PDUs are constructed as follows:
The Domino SNMP Agent (Domino Administration Help Manual)
Development team advised to raise an enhancement request to support this functionality
From Development: as your research showed, there is no documented way for Domino on Windows to send information to syslog server McAfee SIEM. Sounds like an enhancement/feature request