Forum Discussion
Greg_130338
Aug 18, 2015 | Nimbostratus
Syslog to McAfee SIEM
Anyone integrate LTM and APM logging with a McAfee SIEM receiver (or any syslog receiver for that matter)? I am configuring I have the remote logging server configured in my log settings on the devi...
SDnath_82757
Aug 21, 2015 | Nimbostratus
We have multiple LTM devices with different versions. But currently the 1st one I am trying to integrate is in 11.4.1.
- Greg_130338 (Aug 25, 2015 | Nimbostratus): Sorry for getting back to you so late. We are running ESM 9.5.0 MR4 and BigIP 11.5.2. Do you have any BigIPs on that version? I would try that first to rule out version issues if you can. I read something previously about needing iRules to convert F5 syslog into some sort of format that the ERC could understand and parse, but need to dig around again to see. To answer your previous question, I am able to parse LTM, APM, and ASM logs currently without any custom iRule or ESM/RC config.
- Greg_130338 (Aug 25, 2015 | Nimbostratus): And actually, now that we're collecting more logs, it appears I do have a lot of unknown events as well. Not sure if that's expected or if you are getting ALL unknown events and nothing parsed still?