Dell PowerVault storage ME5024

Dell PowerVault storage (ME5024) Log Ingestion Guide

PowerVault Manager • SIEM Syslog Integration Guide

Overview

This guide describes how to configure the Dell ME5024 PowerVault storage system to forward operational logs to a SIEM (Security Information and Event Management) platform via Syslog. Completing this integration provides real-time visibility into audit events, errors, alerts, and system health.

Before you begin, ensure you have administrator access to PowerVault Manager and that BluSapphire’s Datastreamer server is reachable from the storage appliance. Note the Datastreamer server's IP address before proceeding.

Configuration Steps

1

Log in to PowerVault Manager

Open a web browser and navigate to your ME5024 management interface. Sign in with administrator credentials.

2

From the top navigation menu, go to:

Settings → Notifications → Syslog

3

Add Your SIEM Syslog Server

Enter the connection details for your SIEM platform:

  • IP Address — Enter the IP address of Datastreamer server.

  • Port — Enter the port shared by BluSapphire team.

4

Apply and Enable

Click Add to save the server entry, then click Enable to activate Syslog forwarding to your SIEM.

Forwarded Log Types

Once enabled, the ME5024 will continuously forward the following log categories to your SIEM:

  • Audit Logs — Records of administrative actions, configuration changes, and user activity

  • Error Logs — Hardware and software error events requiring attention or investigation

  • Alerts — Threshold-based and proactive notifications from the storage subsystem

  • System Health Logs — Ongoing telemetry on drive status, enclosure health, and component state

Connection Summary

Parameter
Value

Device Model

Dell ME5024 (MES024)

Management Interface

PowerVault Manager

Log Destination

SIEM Syslog Server

Syslog Port

To be shared by BluSapphire team

Log Types

Audit, Error, Alerts, System Health

Verification

After enabling Syslog forwarding, verify the integration is working by checking your SIEM platform for incoming events from the ME5024 IP address on port 12716. You should see events populating within a few minutes under normal operations.

Last updated