Splunk’ing IBM Domino

[Update: I never succeeded in integrating Domino with Splunk. I encountered license issues and never moved beyond some test data before moving on from an environment containing Lotus Domino. Sorry folks.]

I’ve started integrating IBM Domino logs into Splunk. I am blogging about it because I can’t find anyone who has ever Splunk’ed (or SIEM’ed) Lotus Notes logs. I suspect part of that issue may be that I rarely find people who admit to using Lotus Notes.

Are the logs any good? We will find out. Right now I’ve got a Universal Forwarder installed on two IBM Domino servers. One is a mail server and one is an IMC / IBM Mobile Connect server.

My plan is to build a security-focused dashboard in Splunk.