
SSIM Iron Port Event Collector Doesn't Collect Events

Created: 29 Nov 2012 • Updated: 12 Dec 2012 | 2 comments
novajon
This issue has been solved. See solution.

I tried setting up the IronPort Collector and it does seem to work in terms of sending events to port 514 for certain log types; however, it seems that the web access traffic logs are only available through FTP... the collector for SSIM only uses syslog. My question is whether there is a new collector that will collect from the following IronPort product?

The Model of Ironport is s370 version 7.1.3

Thanks.

2 Comments

Rowan

Assuming you are using SSIM 4.7.x there is a new collector called "Cisco_IronPort_WS_Event_Collector_5.0.7" specifically for processing the file based logs from Cisco Ironport devices.

You will need to download it from fileconnect (see collectors C through D) and make sure you take the time to RTFM, as you need to configure the Ironport to send the logs in W3C format or the collector won't work for you.

R.

SOLUTION
novajon

Yes thank you, I found this finally and it solved the issues I was having. Can someone upload the 5.0 collectors to connect so that they show up in the search results for partners?