I have setup the "Data Security Logs" log in my WSA to send syslog to my LEM server using UDP and Local7. I have verified that the WSA is sending out syslog, but LEM does not appear to be parsing the information. Does anyone have a step by step process on how to setup the Cisco Ironport in LEM? I want to be able to see when blocked sites are hit, spyware, virus, etc.
↧