Reference Guide
Navigate the Dell Server
98
• Locale - select a language
5. Click Save.
Compliance Reporter
Compliance Reporter has its own help system. When Compliance Reporter launches, click the Help link
on the top menu.
To launch Compliance Reporter:
1. In the left pane of the Management Console, click Compliance Reporter.
2. When Compliance Reporter launches, log in with superadmin credentials or reporting
credentials.
Export Events to a SIEM/Syslog Server
Integrating with a SIEM/syslog server allows administrators to run customized analytics on threat and
audit data within their environments. The Dell Server supports the export of Advanced Threat
Prevention events.
To export audit events to a syslog server or to a local file:
1. In the left pane, click Management > Services Management.
2. Select the Events Management tab.
3. Select the appropriate option(s):
Export to Local File allows export of audit events to a file. Enter the location in which to store the file.
This option also provides a backup of the audit events database.
Export to Syslog allows specification of the syslog server to which to export the file. If TCP protocol is
not selected, select it.
4. Click Save Preferences.
Export Audit Events with TLS/SSL over TCP
To use TLS/SSL,the syslog server must be configured to listen for TLS/SSL messages. The root
certificate used for the syslog server configuration must be added to the Dell Server Java keystore.
The following example shows necessary configurations for a Splunk server with default certificates.
Configurations are specific to individual environments. Property values vary when using non-default
certificates.
1. Configure the Splunk server to use the Splunk server certificate and root certificate to listen on
TCP for TLS/SSL messages:
$SPLUNK_HOME\etc\system\local\inputs.conf
[tcp-ssl:<port number>]
disabled = 0
[SSL]
serverCert = $SPLUNK_HOME\etc\auth\server.pem
sslPassword = <password>