1 Reply Latest reply on Dec 8, 2014 8:32 AM by curtisi

    LEM syslog issue

    ttl

      We have an application (Trend Micro Deep Security) which is able to forward events as syslogs (under the SIEM tab). I have configured it to forward as Basic Syslog, Local3 facility. The server hosting this application already has a LEM agent on it and is forwarding Windows logs. The only connector I saw quasi-similar to TM DS was the Trend Micro Deep Security Firewall, which I selected and changed the /var/log/ to local3. I see the log coming in using checklogs, but nothing for nDepth except the stuff forwarded by the LEM agent.

        • Re: LEM syslog issue
          curtisi

          I'd suggest that you run an ExportSyslog command and dump the Local3 to a server, and then contact support.  They can test your logs against the LEM tools, and it could be that a new revision of an existing connector or a new connector is required.