The guide says this...
"...Please refer to your specific product documentation for sending syslog events to a remote server or SIEM, and use the IP address of the McAfee Event Receiver for the address of the remote server..."
Unfortunately, Trend Officescan doesn't forward syslog events. The only thing I have found is to possibly send SNMP traps for virus alerts (for Splunk, but I guess it should apply to ESM): Support for Splunk - OfficeScan 10.6
Apparently, syslog is an option when using Trend Micro Control Manager. However, within ESM adding such a datasource shows this:
Has anyone actually got Officescan to talk to ESM?
Thanks for that.
Sorry, I forgot to include the Officescan screenshot. ESM has the Officescan side of things covered, but the problem lies with Officescan itself - it doesn't forward syslog events. Since my first reply I have run up Officescan in my lab and had a look around. It seems that security events (and others) can be generated as Windows Event Logs. So, I'm going to see if adding the Officescan server as a WMI data source will do what I want. Will report back later...