Hi all,
Is anybody using LEM to process logs from Trend Micro Interscan Web Security? I am having a problem monitoring logs from TM Interscan.
Hanif,
First, have you checked these steps to enable syslog to the LEM?
Store logs in external server - InterScan Web Security Virtual Appliance (IWSVA)
Step 5 is where you'd want to enter the LEM's IP.
Then, SSH into the LEM:
SolarWinds Knowledge Base :: Use an SSH client to connect to your LEM appliance
Go to APPLIANCE and run a CHECKLOGS. If you go through the logs, can you find data from the Trend Interscan device?
Hint: If you type "/" while you're looking at the log, you can enter the IP of your Trend device to see if it's in the log.
Once you know which logs the Trend is sending data to, have you configured connectors to read those logs?
The product is listed as a supported Data Source for LEM.
Data Sources - Log Management & Log Analyzer Software | SolarWinds
curtisi,
Thanks for your response.
IWSVA is already configured to send logs to LEM. However, using SSH I am not seeing any logs sent by that device.
If nothing is coming to the syslog facilities on the LEM, the LEM won't have any data to normalize and present no matter what we do.
On the LEM, in that SSH session, go to APPLIANCE. Run DATECONFIG and then press ENTER 4 times without entering anything. Is the LEM's current date/time/timezone correct?
Can you confirm that the Trend system is sending data (send it to another syslog server or use Wireshark)?
Support can also run a traffic analysis on the LEM with root access to check if traffic is being received if you open the ticket.
Thanks curtisi
The date and time are correct. Will install Kiwi Syslog on a different machine and test if IWSVA is sending any logs. Thanks for your help.
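The "send it to another syslog server" check suggested in the thread can also be done with a small UDP listener that shows the source IP and the syslog facility of each datagram, since the facility is what a receiver typically uses to decide which log file a message lands in. This is an added example, not part of the thread and not SolarWinds or Trend Micro code; port 5514, the sample IPs and the sample messages are assumptions.

```python
import re
import socket
from collections import Counter

FACILITIES = ["kern", "user", "mail", "daemon", "auth", "syslog", "lpr", "news",
              "uucp", "cron", "authpriv", "ftp", "ntp", "audit", "alert", "clock",
              "local0", "local1", "local2", "local3", "local4", "local5",
              "local6", "local7"]
SEVERITIES = ["emerg", "alert", "crit", "err", "warning", "notice", "info", "debug"]
PRI_RE = re.compile(rb"^<(\d{1,3})>")

def parse_pri(datagram: bytes):
    """Return (facility, severity, message), or None if there is no valid <PRI>."""
    m = PRI_RE.match(datagram)
    if not m:
        return None
    pri = int(m.group(1))
    if pri > 191:  # 23 * 8 + 7 is the highest defined PRI value
        return None
    text = datagram[m.end():].decode("utf-8", errors="replace").rstrip()
    return FACILITIES[pri >> 3], SEVERITIES[pri & 7], text

def summarize(packets):
    """Count datagrams per (source IP, facility); packets = [(ip, bytes), ...]."""
    counts = Counter()
    for ip, data in packets:
        parsed = parse_pri(data)
        counts[(ip, parsed[0] if parsed else "no-PRI")] += 1
    return counts

def listen(bind_addr="0.0.0.0", port=5514, expect_ip=None):
    """Print each datagram received. Port 5514 is an assumption; 514 needs root."""
    sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    sock.bind((bind_addr, port))
    while True:
        data, (ip, _) = sock.recvfrom(8192)
        if expect_ip and ip != expect_ip:
            continue  # ignore other senders while testing one device
        print(ip, parse_pri(data) or ("no-PRI", "-", data[:80]))

# Constructed sample datagrams (documentation-range IPs, invented message text).
SAMPLE = [
    ("192.0.2.10", b"<134>Jan  5 10:00:01 iwsva sample: url access log line"),
    ("192.0.2.10", b"<131>Jan  5 10:00:02 iwsva sample: update failed"),
    ("192.0.2.99", b"not syslog at all"),
]

if __name__ == "__main__":
    print(summarize(SAMPLE))
    listen()
```

If nothing is printed while the device is generating traffic, the problem is on the sending side or in the network path (firewall, wrong destination IP or port) rather than in the receiver's parsing.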