Analytics Migration Guide

Technical Documentation>  Transitioning On-Premises Syslogs to NSM
Table of Contents

Transitioning On-Premises Syslogs to NSM

This section is applicable for both NSM SaaS and NSM On-Premises environments.

 

  • Make sure that the right NSM license is provisioned to enable reporting. For more information, refer to Licensing.
  • If you are transitioning to NSM On-Premises, ensure that the Reporting and Analytics for a Controller is enabled on the Manager View | System > Settings > Administration > Deployment Settings tab. For more information, refer to Enabling Reporting and Analytics for a Controller.

To transition a firewall from syslog

  1. Login to NSM.

  2. Acquire the firewall to the NSM. If you are transitioning to:

    This step is only required if firewall is not already managed in NSM.

  3. Modify syslog agent firewall settings:

    1. Navigate to Firewall View | Device > Log > Syslog > Syslog Servers tab.

    2. Delete the Syslog Server from the list.

      1. Hover over the server to be deleted and click the Delete icon.

      2. Click Confirm in the Delete confirmation pop-up.

  4. Commit and deploy the pending changes. For more information, refer to Committing and Deploying the Updates.

  5. If you are transitioning to NSM On-Premises, enable flow reporting and analytics:

    1. Navigate to the Manager View | Home > Firewalls > Inventory page.

    2. Click the Ellipses icon of the firewall where you want to enable the syslogs under the Action column and select Edit Settings.

    3. Under Reporting & Analytics group:

      • Enable Reporting
      • Enable Auto Assign Reporting Agent or select the preferred Reporting Agent from the drop-down menu. For more information, refer to Editing Device Settings.

    4. Click Save

  6. Check the Reporting Status under Analytics & Reporting Status tab of the firewall form the Manager View | Home > Firewalls > Inventory page.

Now the firewall is acquired by the NSM:

  • When you log in to the Firewall UI, a pop-up appears stating that the firewall is managed by NSM.

  • You cannot make changes in non-config mode.
  • It is recommended to manage the firewall only from NSM.

 

  • To view the historical On-Premises syslog data in NSM, follow the steps mentioned on Integrate On-Prem Analytics with NSM.
  • After transition, the new data will be available only on NSM. If historical data is not required, you can either remove the device from syslog account or decommission syslog account entirely.
  • Data cannot be recovered once the device is removed from syslog account.