
NAC EVENTS to Third Party SIEM

Jimmy_Payne1
New Contributor
Does anyone have any hands-on experience sending NAC events to a McAfee SIEM receiver? It appears that everything is set correctly, but I am not seeing events in my SIEM. Any help would be greatly appreciated.
8 REPLIES 8

Kurt_Semba
Extreme Employee
Hey Jimmy, so it seems that either NetSight is not sending the data or something like a firewall is blocking the data before it hits the SIEM. To validate whether the syslog messages are leaving the NetSight appliance, use tcpdump or Wireshark (usually UDP port 514).

Jimmy_Payne1
New Contributor
Hi Kurt, yes, I did set those options in NAC, and I did a tcpdump on my receiver to see if there were events coming in, and there were none. So I am still stumped on that whole deal. Sorry for the late reply. We had some crazy stuff going on around here this week.

Tamera_Rousseau
New Contributor
Hi Jimmy, Thanks for asking this question in our community as well as McAfee. Hopefully you can give Kurt some additional data to point you in the right direction.

Kurt_Semba
Extreme Employee
Did you use NAC notification configuration to send syslog events to your SIEM? Is there a way (tcpdump) to check whether those events are received on the SIEM appliance? If they are, it's probably a parsing issue or a matter of allowing events from NAC to be received. You can change the syslog messages' format/content in NAC's notification configuration ("overwrite content") or you might be able to change the parsing logic on the McAfee side.
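
The check discussed in this thread, as an added example that is not part of the original posts: a small Python UDP listener to run on a test host in place of the SIEM receiver. It records each sender and decodes the syslog priority header, so "nothing arrives" (sender configuration or a firewall) can be told apart from "arrives but is not parsed". The port handling, function names and sample messages are constructed for illustration.

```python
import re
import socket
import sys

PRI_RE = re.compile(rb"^<(\d{1,3})>")
SEVERITIES = ["emerg", "alert", "crit", "err", "warning", "notice", "info", "debug"]

def decode_pri(datagram):
    """Return (facility, severity) from a leading <PRI>, or None if absent/invalid."""
    m = PRI_RE.match(datagram)
    if not m or int(m.group(1)) > 191:   # highest valid PRI is 23*8+7
        return None
    pri = int(m.group(1))
    return pri >> 3, SEVERITIES[pri & 7]

def collect(sock, count, timeout=5.0):
    """Receive up to `count` datagrams; return (src_ip, decoded_pri, text) tuples."""
    sock.settimeout(timeout)
    seen = []
    try:
        while len(seen) < count:
            data, (src, _port) = sock.recvfrom(8192)
            seen.append((src, decode_pri(data), data.decode("utf-8", "replace")))
    except socket.timeout:
        pass   # fewer than `count` arrived: suspect sender config or a firewall
    return seen

def loopback_check():
    """Send two constructed datagrams to ourselves to prove the listener works."""
    rx = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    rx.bind(("127.0.0.1", 0))            # ephemeral port, no root needed
    tx = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    dest = rx.getsockname()
    tx.sendto(b"<134>Jan  1 00:00:00 nac-test constructed NAC event", dest)
    tx.sendto(b"constructed message without a PRI header", dest)
    try:
        return collect(rx, 2, timeout=2.0)
    finally:
        rx.close(); tx.close()

if __name__ == "__main__":
    port = int(sys.argv[1]) if len(sys.argv) > 1 else 514   # binding 514 needs root
    s = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    s.bind(("0.0.0.0", port))
    for src, pri, text in collect(s, 10, timeout=60.0):
        print(src, pri or "NO/INVALID PRI", text)
```

If datagrams from the NAC appliance's address show up here with a valid priority, the transport path is fine and the remaining work is on the receiver's parsing or source allow-list.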