  1. #1
    Untanglit
    Join Date
    Feb 2014
    Posts
    17

    SIEM and Untangle

    I know this topic has been touched on briefly over the years, but has anyone been using Untangle with a SIEM successfully? I am currently evaluating Rapid 7, and they do have a generic syslog listener but no Untangle plugin. I set this up and started sending syslog messages from Untangle, but the format is not parsed in the log viewer. I did see where AlienVault has a plugin from Untangle available, but Rapid 7 doesn't have one yet. Also, by default it appears that Untangle syslog is sending everything over. Does anyone have any templates of their syslog config that would be useful for a SIEM? Thanks!

  2. #2
    Untanglit
    Join Date
    Feb 2014
    Posts
    17


    Update. I did find another log collector that parsed the Untangle syslog events better. The only issue that I see now is that Untangle sends over a slash "/" preceding each IP address. Is there a reason for doing this? This makes it difficult to associate a behavior to an IP, since it thinks the IP is "/1.1.1.1" and not "1.1.1.1".
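One way to handle the leading-slash problem on the collector side, as an added example that is not part of the original thread and is not Untangle's or any SIEM vendor's code: normalize the address fields before the events reach the SIEM's parser, so that correlation keys on "1.1.1.1" rather than "/1.1.1.1". The sample syslog lines below are constructed for the example and only imitate the shape the post describes; the `cClientAddr`/`sServerAddr` field names and the `hostname/address` variant are assumptions (the "/address" rendering is the form Java's `InetAddress.toString()` produces when no hostname is attached, which is assumed here to be the origin of the slash).

```python
import ipaddress
import re

# Constructed sample lines in the shape the thread describes: a syslog payload
# whose IP fields carry a leading "/". These are not real Untangle log lines.
SAMPLE_LINES = [
    "<134>Jan 10 12:00:01 untangle uvm: SessionEvent action=pass "
    "cClientAddr=/10.0.0.5 sServerAddr=/93.184.216.34 sServerPort=443",
    "<134>Jan 10 12:00:02 untangle uvm: SessionEvent action=block "
    "cClientAddr=/10.0.0.7 sServerAddr=/2001:db8::1 sServerPort=80",
    # Assumed variant: a resolved hostname in front of the slash.
    "<134>Jan 10 12:00:03 untangle uvm: SessionEvent action=pass "
    "cClientAddr=example.local/10.0.0.9 sServerAddr=/198.51.100.20 sServerPort=22",
]

# An optional hostname, a "/", then a run of characters that could be an
# IPv4/IPv6 address. The lookbehind keeps us out of URLs ("http://...") and
# timestamps, where the "/" or ":" is preceded by another delimiter.
_SLASH_IP = re.compile(r"(?<![\w.:/])(?P<host>[\w.-]*)/(?P<addr>[0-9a-fA-F.:]+)")


def _strip_slash(match: re.Match) -> str:
    """Return only the address if the candidate really is an IP, else leave it."""
    addr = match.group("addr")
    try:
        ipaddress.ip_address(addr)
    except ValueError:
        return match.group(0)  # not an address (e.g. a path fragment); untouched
    return addr


def normalize_ip_fields(line: str) -> str:
    """Rewrite '/1.1.1.1' and 'host/1.1.1.1' to '1.1.1.1' everywhere in a line."""
    return _SLASH_IP.sub(_strip_slash, line)


def parse_event(line: str) -> dict:
    """Normalize a line and return its key=value fields as a dict."""
    cleaned = normalize_ip_fields(line)
    return dict(kv.split("=", 1) for kv in re.findall(r"\S+=\S+", cleaned))


if __name__ == "__main__":
    for raw in SAMPLE_LINES:
        event = parse_event(raw)
        print(event["action"], event["cClientAddr"], "->", event["sServerAddr"])
```

The validation step with `ipaddress.ip_address` is what keeps this safe to run over the whole message: any "/" that is not directly followed by a well-formed address (URL paths, file names) is left exactly as it was, so only the fields that cause the correlation problem are rewritten.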
