I like to receive through syslog to my SIEM the "event logging" generated by a BlueCoat SG810. I already configured the BlueCoat and in my SIEM, in LOG ACTIVITY, this is what appears
Event Name:Unknown log event
Low Level Category:Unknown Generic Log Event
Event Description:Unknown Generic Log-only event
PAYLOAD (utf): <25>Jun 03 15:01:52 ProxySG: 90000 NTP: Response received from wrong NTP Server: 184.108.40.206 is not ntp.bluecoat.com(0) SEVERE_ERROR ../ntp.cpp 479
In "LogSource" the spurcedevice didn't appear although there is a logsourcetype "BlueCoat SG Appliance"
Do I need to change or update anything in my SIEM (7.7.2 Patch 2 (Build 636622 (220.127.116.116622))?
Or I need to "extract the property" for these events.