Dell PowerVault storage ME5024
Dell PowerVault storage (ME5024) Log Ingestion Guide
PowerVault Manager • SIEM Syslog Integration Guide
Overview
This guide describes how to configure the Dell ME5024 PowerVault storage system to forward operational logs to a SIEM (Security Information and Event Management) platform via Syslog. Completing this integration provides real-time visibility into audit events, errors, alerts, and system health.
Before you begin, ensure you have administrator access to PowerVault Manager and that BluSapphire’s Datastreamer server is reachable from the storage appliance. Note the Datastreamer server's IP address before proceeding.
Configuration Steps
Forwarded Log Types
Once enabled, the ME5024 will continuously forward the following log categories to your SIEM:
Audit Logs — Records of administrative actions, configuration changes, and user activity
Error Logs — Hardware and software error events requiring attention or investigation
Alerts — Threshold-based and proactive notifications from the storage subsystem
System Health Logs — Ongoing telemetry on drive status, enclosure health, and component state
Connection Summary
Device Model
Dell ME5024 (MES024)
Management Interface
PowerVault Manager
Log Destination
SIEM Syslog Server
Syslog Port
To be shared by BluSapphire team
Log Types
Audit, Error, Alerts, System Health
Verification
After enabling Syslog forwarding, verify the integration is working by checking your SIEM platform for incoming events from the ME5024 IP address on port 12716. You should see events populating within a few minutes under normal operations.
If no logs appear in your SIEM after 10 minutes, verify network connectivity between the ME5024 and the Datastreamer. Confirm the IP address and port are correct in PowerVault Manager under Settings → Notifications → Syslog.
Last updated