We have an application (Trend Micro Deep Security) which is able to forward events as syslogs (under the SIEM tab). I have configured it to forward as Basic Syslog, Local3 facility. The server hosting this application already has a LEM agent on it and is forwarding Windows logs. The only connector I saw quasi-similar to TM DS was the Trend Micro Deep Security Firewall, which I selected and changed the /var/log/ to local3. I see the log coming in using checklogs, but nothing for nDepth except the stuff forwarded by the LEM agent.