Anyone know of a way to forward the logs from the modules, such as the Web Filter, Firewall, Anti-virus, etc.? I would like to be able to integrate this into my SIEM; forwarding the syslogs is easy enough, but getting the data from the modules themselves is not. I noticed some do write their logs to /var/log/, but only a few. I am able to take the CSV file and import it in, but this is a manual process and not real-time. By doing this I will be able to track my network from one dashboard and be able to send alerts when something happens. I find the Untangle reports very helpful, but these are after the fact; if I could get the same data forwarded to my SIEM in real-time then it would allow a much faster response time. It would even allow me to maybe smack a few users in the back of the head for doing things, or trying to do things, they are not supposed to do while they are doing it.
My next step might be to try to write a plugin for the SIEM that could connect and pull the information out of the Untangle database.
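One way to turn the manual CSV import described above into a near-real-time feed is a small forwarder that reads newly appended rows and emits them as RFC 5424 syslog to the SIEM. This is an added example, not code from the original post or from Untangle; the CSV column names, the module name and the SIEM address are assumptions, and the sample CSV is constructed.

```python
import csv
import io
import socket

# Constructed sample of a module CSV export. The column names are an
# assumption for illustration, not Untangle's real export schema.
SAMPLE_CSV = """time_stamp,client_addr,server_addr,blocked,category
2024-01-05T10:15:00Z,10.0.0.15,203.0.113.7,true,Malware
2024-01-05T10:15:03Z,10.0.0.22,198.51.100.9,false,Business
"""

def csv_rows(text):
    """Parse a CSV export into dicts keyed by its header row."""
    return list(csv.DictReader(io.StringIO(text)))

def sd_escape(value):
    """Escape a structured-data PARAM-VALUE as RFC 5424 section 6.3.3 requires."""
    return value.replace("\\", "\\\\").replace('"', '\\"').replace("]", "\\]")

def to_syslog(row, module="web-filter", host="untangle", app="untangle-forwarder"):
    """Format one row as an RFC 5424 message with structured data the SIEM can index.
    Facility local0 (16); severity warning (4) for blocked events, info (6) otherwise.
    32473 is the enterprise number reserved for documentation (RFC 5612)."""
    severity = 4 if row["blocked"].strip().lower() == "true" else 6
    pri = 16 * 8 + severity
    params = " ".join(f'{k}="{sd_escape(v)}"' for k, v in row.items() if k != "time_stamp")
    return f"<{pri}>1 {row['time_stamp']} {host} {app} - {module} [{module}@32473 {params}] {module} event"

def read_new_rows(path, state, header=None):
    """Read only rows appended since the last poll; state holds the byte offset.
    The header is read once and reused, so later polls need not re-read the file."""
    with open(path, "r", encoding="utf-8") as fh:
        fh.seek(state.get("offset", 0))
        chunk = fh.read()
        state["offset"] = fh.tell()
    if not chunk:
        return header, []
    if header is None:
        header, _, chunk = chunk.partition("\n")
    rows = list(csv.DictReader(io.StringIO(chunk), fieldnames=next(csv.reader([header]))))
    return header, rows

def forward(text, siem_host="127.0.0.1", siem_port=514, send=True):
    """Convert every row to syslog and optionally send it over UDP; returns the messages."""
    msgs = [to_syslog(r) for r in csv_rows(text)]
    if send:
        with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
            for msg in msgs:
                sock.sendto(msg.encode("utf-8"), (siem_host, siem_port))
    return msgs

if __name__ == "__main__":
    for msg in forward(SAMPLE_CSV, send=False):
        print(msg)
```

In production the loop would call read_new_rows on a timer against the real export path and pass the rows through to_syslog, giving the SIEM events seconds after the module writes them rather than after a manual import.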