IBM Guardium

 Guardium database protection integration with ArcSight to send audit logs

mina medhat posted Sun April 27, 2025 05:14 AM

Hi everyone,

I am trying to integrate Guardium database protection with ArcSight to send audit logs to it, but on the ArcSight side I am not receiving the logs I intended to see,

like Guardium add or remove users, failed logins, ...

even though I enabled these alerts on Guardium and configured the remotelog IP on Guardium to be the ArcSight system.

Does anyone have any suggestions?

Wendy Zemba IBM Champion

Hi @mina medhat,

I would start with the following steps.

  1. Run 'show remotelog test' from the collector CLI to verify communication with ArcSight.
  2. Look at the messages file on the collector fileserver to validate it contains messages.

If both are positive, you'll want to check with your ArcSight team to make sure it's not getting dropped on their end.

It would also be helpful if you shared the command you ran for the configuration, obfuscating the syslog IP. The parameters you use make a difference to how it operates.

Veysel Gundogdu

Hi Mina,

First, you need to design the reports in Guardium that display the audit logs. Then, using an audit process with the "write to syslog" option, you can forward the logs to any SIEM system via syslog.


The output of the audit process uses the daemon.all syslog facility. The report is sent in CSV format through syslog, so on the ArcSight side, you will need to parse the incoming message accordingly.
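
An added example, not part of the replies above and not IBM or ArcSight code: a Python sketch for checking what a receiver gets when a CSV report arrives over syslog on the daemon facility, before a parser is written on the SIEM side. It assumes RFC 3164 framing; the column names, host, tag and sample lines are constructed for illustration.

```python
import csv
import io
import re

# Syslog PRI = facility * 8 + severity (RFC 3164); the daemon facility is 3.
DAEMON = 3
SEVERITIES = ["emerg", "alert", "crit", "err", "warning", "notice", "info", "debug"]

# <PRI>Mmm dd hh:mm:ss host tag: message
RFC3164 = re.compile(
    r"^<(?P<pri>\d{1,3})>(?P<ts>[A-Z][a-z]{2} [ \d]\d \d{2}:\d{2}:\d{2}) "
    r"(?P<host>\S+) (?P<tag>[^:\s]+): ?(?P<msg>.*)$"
)

# Hypothetical report columns; use the column order of your own report.
COLUMNS = ["timestamp", "db_user", "client_ip", "event"]

# Constructed sample lines (host, tag and values are made up).
SAMPLE = [
    '<30>Apr 27 05:14:02 collector01 guardium_report: '
    '"2025-04-27 05:13:58","APPUSER","10.0.0.5","Login failed, bad password"',
    "<86>Apr 27 05:14:03 collector01 sshd: Accepted publickey for admin",
]


def parse_line(line, columns=COLUMNS):
    """Return a dict for a daemon-facility CSV record, else None."""
    m = RFC3164.match(line.strip())
    if not m:
        return None  # not RFC 3164 framing
    facility, severity = divmod(int(m.group("pri")), 8)
    if facility != DAEMON:
        return None  # other facility, e.g. authpriv from sshd
    # csv.reader keeps quoted fields that contain commas in one piece.
    row = next(csv.reader(io.StringIO(m.group("msg"))), [])
    if len(row) != len(columns):
        # A changed report layout should be noticed, not silently mis-mapped.
        raise ValueError(f"expected {len(columns)} fields, got {len(row)}: {row!r}")
    record = dict(zip(columns, row))
    record.update(host=m.group("host"), tag=m.group("tag"),
                  severity=SEVERITIES[severity])
    return record


if __name__ == "__main__":
    for line in SAMPLE:
        print(parse_line(line))
```

A naive split on commas would break the fourth field of the first sample line into two, which is why the payload goes through a CSV reader.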