topic BlueCoat SG810 Event Logging - Enterasys SIEM in Security https://community.extremenetworks.com/t5/security/bluecoat-sg810-event-logging-enterasys-siem/m-p/27606#M15 Hi<BR /> <BR /> I like to receive through syslog to my SIEM the "event logging" generated by a BlueCoat SG810. I already configured the BlueCoat and in my SIEM, in LOG ACTIVITY, this is what appears<BR /> <BR /> Event Name:Unknown log event<BR /> Low Level Category:Unknown Generic Log Event<BR /> Event Description:Unknown Generic Log-only event<BR /> PAYLOAD (utf): &lt;25&gt;Jun 03 15:01:52 ProxySG: 90000 NTP: Response received from wrong NTP Server: 199.91.133.52 is not ntp.bluecoat.com(0) SEVERE_ERROR ../ntp.cpp 479<BR /> <BR /> In "LogSource" the spurcedevice didn't appear although there is a logsourcetype "BlueCoat SG Appliance"<BR /> <BR /> Do I need to change or update anything in my SIEM (<B>7.7.2 Patch 2 (Build 636622 (7.2.0.636622))?<BR /> </B><BR /> Or I need to "extract the property" for these events.<BR /> <BR /> Gonzalo<BR /> <BR /> Tue, 03 Jun 2014 18:21:00 GMT cos 2014-06-03T18:21:00Z BlueCoat SG810 Event Logging - Enterasys SIEM https://community.extremenetworks.com/t5/security/bluecoat-sg810-event-logging-enterasys-siem/m-p/27606#M15 Hi<BR /> <BR /> I like to receive through syslog to my SIEM the "event logging" generated by a BlueCoat SG810. I already configured the BlueCoat and in my SIEM, in LOG ACTIVITY, this is what appears<BR /> <BR /> Event Name:Unknown log event<BR /> Low Level Category:Unknown Generic Log Event<BR /> Event Description:Unknown Generic Log-only event<BR /> PAYLOAD (utf): &lt;25&gt;Jun 03 15:01:52 ProxySG: 90000 NTP: Response received from wrong NTP Server: 199.91.133.52 is not ntp.bluecoat.com(0) SEVERE_ERROR ../ntp.cpp 479<BR /> <BR /> In "LogSource" the spurcedevice didn't appear although there is a logsourcetype "BlueCoat SG Appliance"<BR /> <BR /> Do I need to change or update anything in my SIEM (<B>7.7.2 Patch 2 (Build 636622 (7.2.0.636622))?<BR /> </B><BR /> Or I need to "extract the property" for these events.<BR /> <BR /> Gonzalo<BR /> <BR /> Tue, 03 Jun 2014 18:21:00 GMT https://community.extremenetworks.com/t5/security/bluecoat-sg810-event-logging-enterasys-siem/m-p/27606#M15 cos 2014-06-03T18:21:00Z