[Update: I never succeeded in integrating Domino with Splunk. I encountered license issues and never moved beyond some test data before moving on from an environment containing Lotus Domino. Sorry folks.]
I’ve started integrating IBM Domino logs into Splunk. I am blogging about it because I can’t find anyone who has ever Splunk’ed (or SIEM’ed) Lotus Notes logs. I suspect part of that issue may be that I rarely find people who admit to using Lotus Notes.
Are the logs any good? We will find out. Right now I’ve got a Universal Forwarder installed on two IBM Domino servers. One is a mail server and one is an IMC / IBM Mobile Connect server.
My plan is to build a security-focused dashboard in Splunk.