McAfee cannot see the real raw log of Netasq UTM firewall. It can get the log as SMTP code xx – id = firewall (picture No.1) but it can get the real log of StoneGate firewall (picture No.2).
Please kindly see the attached.
Is there any solution to fix it?
Moved to Security Information and Event Management (SIEM) >Discussion > Discussions
Per request/Better Assistance
What do you mean with can't see the raw log?
Do you want to sse the original Log from the DataSource over the ELM or do you want to pars the log from your Datasource?
If the Datasource is logging to ELM than
1. Select one Event
2. make a Event drilldown to Events
3. Select the Event you want to see in raw log
4. click on the last tab there must be a tab from your ELM
5. Search the Events you want to see
1). with the original parser from mcafee
2). with your own parser you write
-> in the top right of the ESm console you have right the Systemproperties an icon click on it. There you can write your own parser. Be carefull pls.