SIEM Integration


miniOrange On-Premise Identity Server allows you to send logs and events to any Security Information and Event Management (SIEM) tool, such as Splunk. This section describes one approach: modifying your log4j2.xml file.

Pre-Requisites

We recommend limiting logging to error-level messages. At the lowest (most verbose) log levels, the server generates large amounts of information in an active production environment. Setting the log level to ERROR and higher instead means that only important events are logged, which ensures that only important information is sent to your SIEM tool.

You can even set up a specific log to log only ERROR and higher by modifying the log4j2.xml file.

Configuration Steps

  • Add an appender. The easiest way is to copy the one below.
    [Image: Appender section for On-premise IDP]
  • Paste the appender in the appenders section as shown below. Make sure to replace <ip-address> with your SIEM IP address.
    [Image: SIEM IP Address]
  • Restart the server.
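
The steps above, sketched as a log4j2.xml fragment. This is an added example, not miniOrange's own appender: it assumes log4j2's built-in Syslog appender over TCP, and the appender name `SIEM`, the `appName` value, port 514, the Root level and the `SIEM_IP_ADDRESS` placeholder (standing in for the ip-address value mentioned above) are all illustrative.

```xml
<?xml version="1.0" encoding="UTF-8"?>
<Configuration status="WARN">
  <Appenders>
    <!-- Your existing appenders stay here unchanged. -->

    <!-- Assumed appender: log4j2 Syslog appender sending RFC 5424 records.
         Replace SIEM_IP_ADDRESS with the address of your SIEM collector and
         514 with the port it listens on. -->
    <Syslog name="SIEM"
            host="SIEM_IP_ADDRESS"
            port="514"
            protocol="TCP"
            format="RFC5424"
            appName="miniorange-idp"
            facility="AUTH"
            newLine="true"
            reconnectionDelayMillis="5000">
      <!-- Forward ERROR and higher only; everything below ERROR is dropped
           by this appender even if the logger itself is more verbose. -->
      <ThresholdFilter level="ERROR" onMatch="ACCEPT" onMismatch="DENY"/>
    </Syslog>
  </Appenders>

  <Loggers>
    <!-- Assumed Root logger; keep its existing level and AppenderRef entries
         and add the reference to the new appender. -->
    <Root level="info">
      <AppenderRef ref="SIEM"/>
    </Root>
  </Loggers>
</Configuration>
```

With `protocol="TCP"` or `protocol="UDP"` the records cross the network in plaintext, and UDP drops messages silently when the collector is unreachable. After the restart, confirm on the SIEM side that a test ERROR event arrives before relying on the feed.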