BlueCoat SG810 Event Logging - Enterasys SIEM

  • 1.  BlueCoat SG810 Event Logging - Enterasys SIEM

    Posted 06-03-2014 11:21
    Hi

    I would like to receive in my SIEM, through syslog, the "event logging" generated by a BlueCoat SG810. I have already configured the BlueCoat, and in my SIEM, in LOG ACTIVITY, this is what appears:

    Event Name:Unknown log event
    Low Level Category:Unknown Generic Log Event
    Event Description:Unknown Generic Log-only event
    PAYLOAD (utf): <25>Jun 03 15:01:52 ProxySG: 90000 NTP: Response received from wrong NTP Server: 199.91.133.52 is not ntp.bluecoat.com(0) SEVERE_ERROR ../ntp.cpp 479

    In "LogSource" the source device didn't appear, although there is a log source type "BlueCoat SG Appliance".

    Do I need to change or update anything in my SIEM (7.7.2 Patch 2 (Build 636622 (7.2.0.636622)))?

    Or do I need to "extract the property" for these events?

    Gonzalo