topic [Cortex XDR ] Does Broker VM support tandem log dumping? Can you dump to more than 2 external storage systems at the same time (3rd party SIEM...) in Endpoint (Traps) Discussions https://live.paloaltonetworks.com/t5/endpoint-traps-discussions/cortex-xdr-does-broker-vm-support-tandem-log-dumping-can-you/m-p/589679#M1152 <P>Hi Everyone,</P> <P>I have encountered two Broker VM log collection and dumping problems want to ask, and then please help you help, the problem is as follows:</P> <P>&nbsp;</P> <P>1.&nbsp;Can Broker VM tandem dump logs?</P> <P>&nbsp; &nbsp;&nbsp;Description:&nbsp;As shown in the figure below, a customer wants to collect external syslogs through the syslog collector function of Broker VM A, but instead of uploading the collected logs to Cortex Data Lake directly, the customer will dump them to another Broker VM B, which will upload the logs to the Data Lake, Is this part supported and is it possible? How to configure it?&nbsp;</P> <P>&nbsp;</P> <P><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="SLin576639_0-1718603034022.png" style="width: 400px;"><img src="https://live.paloaltonetworks.com/t5/image/serverpage/image-id/60382i6917BACBF9CDD43F/image-size/medium/is-moderation-mode/true?v=v2&amp;px=400" role="button" title="SLin576639_0-1718603034022.png" alt="SLin576639_0-1718603034022.png" /></span></P> <P>&nbsp;</P> <P>2.&nbsp;Can you dump to more than 2 external storage systems at the same time (3rd party SIEM...)</P> <P>In addition to collecting external syslog information through the syslog collector function, can Broker VM dump these logs? For example, in the figure below, after collecting syslog information through Broker VM syslog collector =&gt; When uploading the data to Data Lake, is it possible to export the data to other storage systems (e.g. third-party SIEM system, Syslog Receiver, Database) for saving?</P> <P><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="SLin576639_1-1718603270171.png" style="width: 400px;"><img src="https://live.paloaltonetworks.com/t5/image/serverpage/image-id/60383iB4BDE23EF1B0E4F8/image-size/medium/is-moderation-mode/true?v=v2&amp;px=400" role="button" title="SLin576639_1-1718603270171.png" alt="SLin576639_1-1718603270171.png" /></span></P> <P>&nbsp;</P> <P>Thank you in advance for your help.</P> <P>&nbsp;</P> Mon, 17 Jun 2024 05:48:56 GMT S.Lin576639 2024-06-17T05:48:56Z [Cortex XDR ] Does Broker VM support tandem log dumping? Can you dump to more than 2 external storage systems at the same time (3rd party SIEM...) https://live.paloaltonetworks.com/t5/endpoint-traps-discussions/cortex-xdr-does-broker-vm-support-tandem-log-dumping-can-you/m-p/589679#M1152 <P>Hi Everyone,</P> <P>I have encountered two Broker VM log collection and dumping problems want to ask, and then please help you help, the problem is as follows:</P> <P>&nbsp;</P> <P>1.&nbsp;Can Broker VM tandem dump logs?</P> <P>&nbsp; &nbsp;&nbsp;Description:&nbsp;As shown in the figure below, a customer wants to collect external syslogs through the syslog collector function of Broker VM A, but instead of uploading the collected logs to Cortex Data Lake directly, the customer will dump them to another Broker VM B, which will upload the logs to the Data Lake, Is this part supported and is it possible? How to configure it?&nbsp;</P> <P>&nbsp;</P> <P><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="SLin576639_0-1718603034022.png" style="width: 400px;"><img src="https://live.paloaltonetworks.com/t5/image/serverpage/image-id/60382i6917BACBF9CDD43F/image-size/medium/is-moderation-mode/true?v=v2&amp;px=400" role="button" title="SLin576639_0-1718603034022.png" alt="SLin576639_0-1718603034022.png" /></span></P> <P>&nbsp;</P> <P>2.&nbsp;Can you dump to more than 2 external storage systems at the same time (3rd party SIEM...)</P> <P>In addition to collecting external syslog information through the syslog collector function, can Broker VM dump these logs? For example, in the figure below, after collecting syslog information through Broker VM syslog collector =&gt; When uploading the data to Data Lake, is it possible to export the data to other storage systems (e.g. third-party SIEM system, Syslog Receiver, Database) for saving?</P> <P><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="SLin576639_1-1718603270171.png" style="width: 400px;"><img src="https://live.paloaltonetworks.com/t5/image/serverpage/image-id/60383iB4BDE23EF1B0E4F8/image-size/medium/is-moderation-mode/true?v=v2&amp;px=400" role="button" title="SLin576639_1-1718603270171.png" alt="SLin576639_1-1718603270171.png" /></span></P> <P>&nbsp;</P> <P>Thank you in advance for your help.</P> <P>&nbsp;</P> Mon, 17 Jun 2024 05:48:56 GMT https://live.paloaltonetworks.com/t5/endpoint-traps-discussions/cortex-xdr-does-broker-vm-support-tandem-log-dumping-can-you/m-p/589679#M1152 S.Lin576639 2024-06-17T05:48:56Z