Use this procedure to define a notification policy to forward events in the PowerFlex system to the rsyslog-forwarder (also known as the syslog-listener). Then, the rsyslog-forwarder forwards the events to the external destinations that are defined in the policy.
About this task
For this policy, you do not need to define a source, since the required source for PowerFlex events is a built-in feature.
Steps
Add a destination:
First, you must add the identified Security Information and Event Manager (SIEM) server as a destination.
Go to Settings > Events and Alerts > Notification Policies.
You can also use the following REST API: dispatch-destinations/post
From the Destinations pane, click Add.
The Create New Destination Protocol window opens.
Enter the destination name and description.
From the Destination Type menu, select Syslog.
Click Next and enter the IP, port, and protocol (TCP) of the target SIEM. Ensure that the SIEM IP, port, and protocol are reachable.
Create a new policy:
The new policy defines the rules for processing PowerFlex event messages from sources and specifies to which destination that information should be sent.
Go to Settings > Events and Alerts > Notification Policies.
You can also use the following REST API: dispatch-policies/post
Click Create New Policy.
Enter a name and a description for the notification policy. For the policy name, you can enter: Powerflex events to external Syslog
Set the Source Type to Powerflex_events.
From the Resource Domain menu, select the resource domain for the notification policy. The resource domain options are: