I’ve recently adopted Elastic Security as the SIEM for our corporate environment and I’m currently ingesting all my endpoint devices. I’ve always been led to believe that you should never install any software directly onto the XCP-ng host system. Anyone got any thoughts or experience on whether I should or shouldn’t?
You shouldn’t but policy often doesn’t care. I think I would test on a single host (not the pool master) to see if it causes problems.
And if you haven’t already done so, you might post this on the XCP-ng forums and see what they say in a semi-official way. Assuming that you have XOA and a paid support contract, you could also reach out to support and get an official statement. Then you can go back to the bosses and/or insurance company with that statement.
Hard to say if it would cause issues, but it’s not likely to survive updates. I would just use the syslog settings in XCP-ng to ship the logs over to Elastic. This is how I use it with Graylog.
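The host-side syslog forwarding the last reply recommends, written out as an added example rather than any poster's own setup: it uses the xe CLI's `logging:syslog_destination` host parameter and `host-syslog-reconfigure`, which are the standard XCP-ng/XenServer commands for this, applied to every host in the pool so nothing has to be installed in dom0. The collector name is a placeholder, and the Elastic side (a syslog input already listening for the hosts) is assumed.

```shell
#!/bin/sh
# Added example: point every pool member's rsyslog at a SIEM collector
# via the xe CLI instead of installing an agent on the hypervisor host.
# Assumptions: run as root in dom0 of a pool host; the collector name
# is a placeholder and the SIEM already has a syslog input listening.

# Accept only an IPv4 address or a plain hostname as the destination,
# so a typo or a stray shell character never reaches the xe call.
valid_destination() {
    case "$1" in
        '' | *[!A-Za-z0-9.-]* | -* | .* | *-.* | *.-* | *..* ) return 1 ;;
    esac
    return 0
}

# Set the destination on one host and apply the rsyslog change.
forward_host_syslog() {
    host_uuid="$1"; dest="$2"
    xe host-param-set uuid="$host_uuid" logging:syslog_destination="$dest"
    xe host-syslog-reconfigure host-uuid="$host_uuid"
}

# Apply to every host in the pool; prints the number of hosts changed.
# Returns 2 (and changes nothing) when the destination is malformed.
forward_pool_syslog() {
    dest="$1"
    valid_destination "$dest" || { echo "bad destination: $dest" >&2; return 2; }
    count=0
    # 'xe host-list --minimal' prints a comma-separated list of host UUIDs
    for uuid in $(xe host-list --minimal | tr ',' ' '); do
        forward_host_syslog "$uuid" "$dest"
        count=$((count + 1))
    done
    echo "$count"
}

# Example usage (placeholder collector name):
#   forward_pool_syslog siem-collector.example.internal
```

Forwarding is per host, so a host added to the pool later needs the same two calls; re-running the function is idempotent.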