first you must know which syslog facility you are using to send the syslog events over to LEM.
Ensure that this facility is not used by other applications sending syslog events to LEM to ensure no overlapping of logs found.
Then under appliance > connector. Create a connector meant for AudioCodes Mediant 1000.
Under logfile: input "/var/log/localX.log" where localX is the syslog facility used by AudioCodes to send syslog to LEM.
Under output: select Alert and nDepth.
If LEM does not have a correct connector type, use any connector that uses syslog or log a case and get support to create an appropriate connector.
Once properly setup and node is detected, you can view/query raw syslog messages under nDepth and change the slider (beside the > last 10min button) to Log Messages instead of Alerts.
There's a little more configuration that has to happen, so as an addendum to what joelyue posted:
You'll need to configure the LEM to have something to do with the raw logs. Those directions are here: SolarWinds Knowledge Base :: Configuring Your LEM Appliance for Log Message Storage and nDepth Search
WARNING: This will impact the retention span of your LEM.
If you're using a random syslog connector, having it try to generate Alert data from the syslogs will just fill the LEM with errors and "InternalNewToolData" events. If all you want is raw logs, just pick "nDepth" for the output.
Raw data doesn't show up in Reports, can't be used to trigger rules and won't appear in Filters.
thanks for the addendum, i didnt know that portion needed to be configured before i can store raw syslogs messages. Guess my vendor did a great job during installation. Learnt something new.