[ES] ES linkage with Cyber Command, SIP cannot find the logs synchronized with ES.

Problem Description

After customer feedback, ES integration with Cyber Command was successful. Security logs were generated in ES, but cannot be found in Cyber Command.

Alarm Information

197755cc58b1bdc37a.png (65.75 KB)

41055cc58b39ca516.png (113.36 KB)

Process –

1. Check customer configuration and find that the customer has not enabled log reporting on ES. After enabling it, perform testing and can successfully find the logs synchronized from ES on Cyber Command.

280725cc58c6854105.png (55.51 KB)

Root Cause

The ES does not have log reporting enabled, resulting in the logs generated by ES not being transmitted to Cyber Command.

Solution

Enable log reporting on ES.

Original Link

https://support.sangfor.com.cn/cases/list?product_id=16&type=1&category_id=2479&isOpen=true