SIEM tools such as Splunk, SolarWinds, and Rapid7 perform analytics on log files and event streams to identify both security issues and network or application performance issues. SIEM tools typically ingest the syslog or CEF formats but can also take an event feed through SNMP (Simple Network Management Protocol).
SIEM tools for monitoring are coming up more often in enterprise customer requirements. Some use cases to log from an application integration viewpoint include:
- Start/stop events for FME Flow services
- Connection request to an application: success/failure event with error through HTTPCaller
- Logger support for syslog and CEF
- Logger capturing, filtering, and formatting the published log up to the current execution point in a workspace
- Batch export of FME Flow and Form jobs and log files in syslog and CEF formats
- FME Automation start/stop
- API calls to FME (such as webhooks)
- Add/delete/update FME Flow user (including SSO users)
- FME Token access request through FME API, including the associated token userid
- Publishing these various FME-specific events through SNMP
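
As an added illustration (not FME code), the sketch below formats two of the events listed above, a user add and a token request, as CEF records wrapped in an RFC 5424 syslog header. It escapes field values so that a user-supplied name containing `|`, `=`, or a line break cannot split or forge a record in the SIEM. The event class IDs, event names, host name, app name, and version string are assumptions made for the example.

```python
from datetime import datetime, timezone

def _esc_header(value):
    # CEF header fields: escape backslash first, then the pipe delimiter.
    return str(value).replace("\\", "\\\\").replace("|", "\\|")

def _esc_ext(value):
    # CEF extension values: escape backslash and '=', encode line breaks as \n.
    out = str(value).replace("\\", "\\\\").replace("=", "\\=")
    return out.replace("\r\n", "\\n").replace("\n", "\\n").replace("\r", "\\n")

def to_cef(class_id, name, severity, ext, version="0.0"):
    """Build one CEF:0 record. Vendor, product and version are assumed values."""
    if not 0 <= severity <= 10:
        raise ValueError("CEF severity must be 0-10")
    header = "|".join(_esc_header(f) for f in
                      ("Safe Software", "FME Flow", version, class_id, name, severity))
    extension = " ".join(f"{k}={_esc_ext(v)}" for k, v in ext.items())
    return f"CEF:0|{header}|{extension}"

def to_syslog(cef, host, when, facility=10, level=5, app="fmeflow"):
    """Wrap a CEF record in an RFC 5424 header; PRI = facility * 8 + severity."""
    ts = when.astimezone(timezone.utc).strftime("%Y-%m-%dT%H:%M:%SZ")
    # PROCID, MSGID and STRUCTURED-DATA are unused here, so each is "-".
    return f"<{facility * 8 + level}>1 {ts} {host} {app} - - - {cef}"

# Constructed sample events; class IDs and names are hypothetical.
WHEN = datetime(2024, 1, 15, 9, 30, 0, tzinfo=timezone.utc)
USER_ADDED = to_cef("user.add", "FME Flow user added", 3,
                    {"suser": "admin", "duser": "DOMAIN\\jdoe", "outcome": "success"})
# Hostile-looking values: pipe in the name, '=' and a newline in extensions.
TOKEN_DENIED = to_cef("token.request", "Token request | denied", 6,
                      {"suser": "svc=etl", "outcome": "failure",
                       "msg": "expired\nretry later"})

if __name__ == "__main__":
    print(to_syslog(USER_ADDED, "fme01", WHEN))
    print(to_syslog(TOKEN_DENIED, "fme01", WHEN, level=4))
```
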