Integrating Service Impact and Event Management

You can integrate with Service Impact and Event Management (SIEM) to collect event data into BMC TrueSight IT Data Analytics and analyze it.

The following steps are involved in collecting and analyzing event data:

1. Configure a SIEM server.
2. Create a data collector. For instructions about creating a data collector, see Creating data collectors for external configurations.
3. Perform a search to analyze the events retrieved. For more information about performing a search, see Searching-the-data.

To configure a SIEM server

1. Navigate to Settings > External Configurations.
2. Select SIEM Configuration on the list on the top-left of your screen.
3. Provide the following details:
   (In the following table, the mandatory fields are marked with 🔵️).
   1. 🔵️ Profile name: Provide a name to identify this external configuration.
   2. 🔵️ Cell name: Provide the name of the cell defined in SIEM (for example pncell_hostName) with which you want to connect and collect event data.
   3. 🔵️ Cell host: Provide the host name of the server where the cell is located.
   4. 🔵️ Cell port: Provide the port number of the server where the cell is located.

   5. 🔵️ Cell encryption key: Provide the cell's encryption key. 

      Information

      Additional information

      You can find the preceding details such as the cell name, its encryption key, host name, and port number in the mcell.dir file.

      To access the mcell.dir file, navigate to the computer where your cell exists, as follows:

      Windows: %MCELL_HOME%\etc\

      UNIX: $MCELL_HOME/etc/

   6. Enable HA: Select this check box if you are operating in a High Availability environment. After selecting this check box, provide the host name and port number of the server where the secondary cell is located.
4. Click Save.