I am trying to add IBM Site Protector as a data type. I was given the address of the Windows device, which forwarded nothing; then, after a discussion with the product owner, they indicated the policy was applied to the IBM Security Protection appliance. Once I changed the data source to use that IP, I started receiving events. I am just using a default syslog(asp) Linux data retrieval and format, so the events are coming in as unknown.
Does anyone know what data type should be used?
Hi, actually I've checked and it is not in the list of supported devices:
You can either write parsers to match the unknown events or you can submit a PER: