I have configured the Sourcefire IPS via syslog. I can correctly see all the events of the devices associated with the IPS, but I can't see the events about the sensor. I need to get hardware events from the IPS sensor (start, restart, shutdown, failures, etc.) to create alarms for this device.
This is the data source configuration:
Change Support Generic Syslog from Do Nothing to Log "unknown" Syslog. After this you can see all logs generated from this data source; if there is an unknown syslog, you can parse it. Maybe this will solve your problem.