Sending WatchGuard logs to Trustwave SIEM, tips.
Currently we are using Trustwave for SIEM management. Does anybody have experience with sending logs to Trustwave? The logs are getting to their server, but it doesn't seem like they are analyzing them correctly. I don't know if I need to tweak the log settings on the Firebox, or if Trustwave is not doing what they said they would do.
My assumption is that you're sending syslog messages (which will be just plain text) as that's the only way to stream logs to a 3rd party service without it doing SNMP polling. If that's the case, the firewall will just send the data, and it'll be up to that service to do something with it.
I'd suggest contacting Trustwave and having them verify what they're seeing, if anything -- and opening a support case if there's any inclination that it might be an issue on the firewall side. With the information from your post, there's not really enough data to say one way or the other.
WatchGuard Customer Support