Hi,
New to the LEM platform and possibly why we are facing a tough time pointing logs/events from different devices to LEM for successful identification. Most logs turn up as NewToolData.
We have found Connectors for some standard devices like Checkpoint Firewalls, ISS Proventia IDS/IPS, Open LDAP servers. When we bind the connector to the appropriate node we always end up with a mismatch on the log location. Example Open LDAP default setting says /var/opt/lapd.log but after a few days of struggle we found that on the LDAP server the logs were written under /var/log/slapd.
With Cisco devices we find that the log levels never match with LEM.
McAfee DLP, Web Gateway and Email Gateway and other EPO solutions do not have any documents for integration.
ISS Proventia though we managed to integrate, LEM is unable to parse the logs into any meaningful information for interpretation.
1. Do we have to write a connector everytime a new type of log is thrown by a device ?
2. I presume each data source will have a set pattern of throwing up logs .. is the connector built as a template to fetch data from the log or do we actually parse info from the log using the connector ?
3. NewToolData from even supported devices (Data Sources - Log Management & Log Analyzer Software | SolarWinds) Why does this happen .. if a connector is already developed by Solarwinds