Hey All!
We're trialing out the LEM product and so far we like it quite a bit (from a Windows/Linux collection, reported, etc. perspective) but we're having problems adding network equipment. I've found that I didn't have the Cisco or HP connectors enabled for log collection so i've enabled those but I can't seem to find one for our Sophos UTM's (320's to be specific). These are something that we really need to report off of due to the Web Application Firewall, Webserver Protection and plain ol' Web Protection (aka Proxy) functions that we use on the devices.
I've found where you can open the original log store and go from there but I'm not sure that's exactly what we'd want to do. Any thoughts, suggestions, recommendations? Anyone else out there using LEM with a Sophos UTM?
All the help will be greatly appreciated!
Terry