SIEM and Untangle

[phil435]

I know this topic has been touched on briefly over the years but has anyone been using Untangle with a SIEM successfully? I am currently evaluating Rapid 7 and they do have a generic syslog listener but no Untangle plugin. I set this up and starting sending syslog messages from untangle but the format is not parsed in the log viewer. I did see where AlienVault has a plugin from Untangle available but Rapid 7 doesn't have one yet. Also, by default it appears that Untangle syslog is sending everything over. Does anyone have any templates of their syslog config that would be useful for a SIEM? Thanks!

[phil435]

Update. I did find another log collector that parsed the Untangle syslog events better. The only issue that I see now is that Untangle sends over a slash "/" preceding each ip address. Is there a reason for doing this? This makes it difficult to associate a behavior to an IP since it thinks the ip is "/1.1.1.1" and not "1.1.1.1".