cancel
Showing results for 
Search instead for 
Did you mean: 
davidmol
Level 7

SIEM IPS Sensor Hardware Events

Hi,

I have configured the sourcefire ips via syslog, i can see correctly all the events of associated devices to ips , but i can't see the events about the sensor.  I need to get hardware events from the ips sensor (start, restart, shutdown, fails, etc) to create alarms of this device.

.

This is the data source configuration:

Regards,

Cristian David

0 Kudos
2 Replies
xded
Level 12

Re: SIEM IPS Sensor Hardware Events

Change by Support Generic Syslog from Do Nothing to Log "unkown" Syslog. After this you can see all Log generated from this Data Source if is there a unkown Syslog you can pars this one. Maybe this will solve your problem.

0 Kudos
davidmol
Level 7

Re: SIEM IPS Sensor Hardware Events

Hi xded,

Thanks for your support.

BR.

0 Kudos