McAfee cannot see the real raw log of the Netasq UTM firewall. It can get the log as SMTP code xx – id = firewall (picture No. 1), but it can get the real log of the StoneGate firewall (picture No. 2).
Please kindly see the attached.
Is there any solution to fix it?
Please move.
Moved to Security Information and Event Management (SIEM) > Discussion > Discussions
Per request/Better Assistance
Cliff
Moderator
What do you mean by "can't see the raw log"?
Do you want to see the original log from the data source over the ELM, or do you want to parse the log from your data source?
I want to see the original log from the data source over the ELM.
If the data source is logging to the ELM, then:
1. Select one event.
2. Make an event drilldown to Events.
3. Select the event you want to see in the raw log.
4. Click on the last tab; there must be a tab from your ELM.
5. Search the events you want to see.
Thank you for the help.
How can I parse the log from the data source?
1) With the original parser from McAfee
2) With your own parser that you write
-> In the top right of the ESM console, to the right of the System Properties, you have an icon; click on it. There you can write your own parser. Be careful, please.