BlueCoat SG810 Event Logging - Enterasys SIEM

  • 3 June 2014

Hi

I would like to receive through syslog to my SIEM the "event logging" generated by a BlueCoat SG810. I already configured the BlueCoat, and in my SIEM, in LOG ACTIVITY, this is what appears:

Event Name:Unknown log event
Low Level Category:Unknown Generic Log Event
Event Description:Unknown Generic Log-only event
PAYLOAD (utf): <25>Jun 03 15:01:52 ProxySG: 90000 NTP: Response received from wrong NTP Server: 199.91.133.52 is not ntp.bluecoat.com(0) SEVERE_ERROR ../ntp.cpp 479

In "LogSource" the source device didn't appear, although there is a logsourcetype "BlueCoat SG Appliance".

Do I need to change or update anything in my SIEM (7.7.2 Patch 2 (Build 636622 (7.2.0.636622)))?

Or do I need to "extract the property" for these events?

Gonzalo
