
Raw Syslog View

Hello, I'm running ESM 9.6.0 MR 7. I have a network engineer who would like a view created that shows a list of the raw syslog messages, similar to what you see when you view the Packet tab of an event that came in via syslog. However, I don't see a field that holds that raw syslog string. Is it possible to build such a view?

andy777 McAfee Employee

Re: Raw Syslog View

The ESM (or any SIEM) operates by "aggregating" common events. Reoccurring events between the same source/destination are grouped together. Logs are split into well-known fields and inserted into the database accordingly. Here is something I wrote up if you're interested in additional detail:

It's also commonplace to have the raw logs sent to a log manager (ELM if it's McAfee) for full text search and to meet the requirement to "retain original, unmodified, non-repudiated logs for x amount of time" common in government, financial and organizations that handle PII.

F5-ELM.PNG

The SIEM provides automated analysis of logs with the capability to easily drill down to disparate details with minimal effort. This is great for security folks trying to find the needle in the haystack, but sometimes a network engineer troubleshooting is going to be looking for info not in the logs (show int) or needs instant feedback, so it's more appropriate for them just to log in to complete the task.

The SIEM is great for highlighting misconfigurations and errors that are logged, so it is recommended to set up alarms for the network folks to kick off their workflow when something is detected also.
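
The split the reply describes, sketched as an added example that is not part of the original posts and is not McAfee ESM or ELM code: parsed fields are aggregated by a key, while the unmodified line goes to a separate archive with a digest. The log format, sample lines, grouping key and function names are all assumptions made for illustration.

```python
import hashlib
import re

# Constructed sample messages (not taken from a real device).
SAMPLE = [
    "<134>Oct 11 22:14:15 fw01 kernel: DENY TCP src=10.0.0.5 dst=192.0.2.10 dpt=443",
    "<134>Oct 11 22:14:16 fw01 kernel: DENY TCP src=10.0.0.5 dst=192.0.2.10 dpt=443",
    "<134>Oct 11 22:14:19 fw01 kernel: DENY TCP src=10.0.0.5 dst=192.0.2.10 dpt=8443",
    "<134>Oct 11 22:15:02 fw01 kernel: ALLOW TCP src=10.0.0.9 dst=192.0.2.10 dpt=443",
    "line that does not match the parser",
]

# Assumed format: <PRI>timestamp host tag: ACTION PROTO src=.. dst=.. ...
LINE = re.compile(
    r"^<(?P<pri>\d{1,3})>(?P<ts>\w{3} [ \d]\d \d\d:\d\d:\d\d) (?P<host>\S+) "
    r"\S+: (?P<action>\w+) (?P<proto>\w+) src=(?P<src>\S+) dst=(?P<dst>\S+)"
)

def ingest(lines):
    """Return (aggregated events, raw archive, unparsed lines)."""
    events, archive, unparsed = {}, [], []
    for raw in lines:
        # Log-manager side: keep every line unmodified, with a SHA-256 digest.
        archive.append((hashlib.sha256(raw.encode()).hexdigest(), raw))
        m = LINE.match(raw)
        if not m:
            unparsed.append(raw)  # still archived, just not normalized
            continue
        f = m.groupdict()
        pri = int(f["pri"])
        # SIEM side: one record per (device, action, source, destination).
        key = (f["host"], f["action"], f["src"], f["dst"])
        ev = events.setdefault(key, {"count": 0, "first_seen": f["ts"],
                                     "facility": pri >> 3, "severity": pri & 7})
        ev["count"] += 1
        ev["last_seen"] = f["ts"]
    return events, archive, unparsed

def search_raw(archive, text):
    """Full-text search over the archived original lines."""
    return [raw for _digest, raw in archive if text in raw]

if __name__ == "__main__":
    events, archive, unparsed = ingest(SAMPLE)
    for key, ev in events.items():
        print(key, ev)  # aggregated records carry no raw string
    print(search_raw(archive, "dpt=8443"))
```

In this sketch the three DENY lines collapse into one record with a count, so the `dpt=8443` detail survives only in the archive, which is where a raw-message view would have to read from.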
