Mohammad_Shahid
Explorer

OPSEC LEA for McAfee SIEM missing log information for traffic logs

Hi,

We don't have a parser for the syslog traffic on the SIEM side, so we can't use Log Exporter; however, it's preferred, we understand. So we are using OPSEC LEA for the McAfee SIEM, but traffic logs that are visible in the Check Point interface are missing from the logs on the SIEM side; apparently, OPSEC LEA does not forward them.

Does anybody know if we can forward that information as well?

 

Thanks

Abhishek

0 Kudos
2 Replies
PhoneBoy
Admin

Are any logs showing up in the SIEM?
What precise logs are missing?
Note that LEA is initiated by the remote end and, similar to syslog, logs must be parsed correctly by the SIEM.
You should see an active TCP connection from your SIEM to your management/log server.
The remote end is also where a lot of the troubleshooting has to be done.

0 Kudos
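The connection check described in the reply above, as an added example that is not part of the original thread: a shell function that reads `netstat -tn` output taken on the management/log server and reports whether the SIEM holds an established TCP session to the LEA port. It assumes LEA's default port 18184/tcp (the thread does not state the port in use) and Linux-style `netstat` columns; the function name and all addresses in the sample data are constructed.

```shell
#!/bin/sh
# Added example: classify the SIEM -> log server LEA session from `netstat -tn`.
# Assumption: 18184/tcp is the LEA port in use (the default); override via $2.
LEA_PORT=18184

# Constructed sample output (documentation addresses, not real hosts).
SAMPLE_ESTABLISHED='Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 192.0.2.10:18184        198.51.100.20:51544     ESTABLISHED
tcp        0      0 192.0.2.10:22           203.0.113.5:40112       ESTABLISHED'

SAMPLE_PENDING='Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 192.0.2.10:18184        198.51.100.20:51600     SYN_RECV'

# lea_state SIEM_IP [PORT]   (netstat -tn output on stdin)
# Prints one of:
#   established      SIEM has a live session to the LEA port
#   not-established  SIEM reached the LEA port but the session is not up
#   other-port-only  SIEM talks to this host, but not on the LEA port
#   absent           no TCP session from the SIEM at all
lea_state() {
    awk -v siem="$1" -v port="${2:-$LEA_PORT}" '
        $1 ~ /^tcp/ {
            # Columns: proto recv-q send-q local remote state
            n = split($4, l, ":"); lport = l[n]
            rip = $5; sub(/:[0-9]+$/, "", rip)
            if (rip != siem) next
            if (lport == port) {
                if ($6 == "ESTABLISHED") est = 1
                else pending = 1
            } else other = 1
        }
        END {
            if (est)          print "established"
            else if (pending) print "not-established"
            else if (other)   print "other-port-only"
            else              print "absent"
        }'
}

# Demo on the constructed sample; on a live server use:
#   netstat -tn | lea_state <SIEM_IP>
printf '%s\n' "$SAMPLE_ESTABLISHED" | lea_state 198.51.100.20
```

A result of `established` while traffic logs are still missing points the troubleshooting at the SIEM side, as the reply says.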
Mohammad_Shahid
Explorer

Basically, traffic logs are missing. We can see the audit logs in the SIEM. But let me try at the SIEM side as suggested. Thanks!

 

0 Kudos