xded

Re: SIEM (Adding devices)

Hi,

If you configure the Data Source Vendor to Axway, you have only one point in Data Source Model. Try the same configuration.

But if no data arrives from the Vordel data source or the Axway data source, change the "Support generic Syslog" to Parse at generic Syslog or to Log as "Unknown Syslog" event. Maybe you need a new parser for one or both systems, or you can send a PER to McAfee.

Re: SIEM (Adding devices)

@sudhir.hdc ,

In a situation similar to this, I was able to address it by performing a tcpdump to see if anything was actually being sent. SOOOOOO many different things could cause this.

Let me know if I can assist.

Re: SIEM (Adding devices)

Hello,

Sudhir, if your device is not within the supported device list, there is almost nothing you could do to address that directly.

There are multiple workarounds, such as writing custom parsers, but in the end the best will be to create a product enhancement request so that the device might possibly be included in the device list.

Re: SIEM (Adding devices)

Hello Alexander,

I have tried enrolling Fujitsu and Axway, which are McAfee supported devices, but the logs in SIEM are unknown logs.

Re: SIEM (Adding devices)

Hi Sudhir,

Actually the vendors Fujitsu and Axway are present in the:

http://www.mcafee.com/jp/resources/data-sheets/ds-siem-supported-devices.pdf

That doesn't mean that all products offered by these vendors are supported.

I can see that you already have a case with support, so please call today and ask for me and I'll be glad to discuss all that in detail.
