Hi all,
We are currently setting up a SIEM service to help correlate events with our multitude of edge devices, which are primarily SSG140s and SSG5s. What we're particularly interested in is using our SIEM platform for alerting to external attacks and such like.
My issue is that my syslog stream only contains "permit" traffic for anything that originates from the untrust zone.
Is there a way to include "deny" or "reject" traffic from untrust (or other zones) in the syslog stream?
Any thoughts gratefully received. Thanks.
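As an added example (not from the original post or from Juniper), a small Python check that parses ScreenOS-style traffic syslog lines and reports whether any Deny/Reject actions from the Untrust zone are actually reaching the stream; the device names, addresses and the exact field layout of the 00257 traffic message are assumptions.

```python
import re
from collections import Counter

# Constructed sample lines in ScreenOS "system-notification-00257(traffic)" style.
# Assumption: field layout "src zone=... dst zone=... action=..."; device names
# and RFC 5737 addresses are made up for the example.
SAMPLE_SYSLOG = """\
NetScreen device_id=ssg140-edge1 [Root]system-notification-00257(traffic): start_time="2012-03-01 10:00:01" duration=30 policy_id=20 service=tcp/port:443 proto=6 src zone=Untrust dst zone=Trust action=Permit sent=1400 rcvd=9000 src=198.51.100.7 dst=192.0.2.10 src_port=51002 dst_port=443
NetScreen device_id=ssg140-edge1 [Root]system-notification-00257(traffic): start_time="2012-03-01 10:00:02" duration=0 policy_id=320001 service=tcp/port:22 proto=6 src zone=Untrust dst zone=Trust action=Deny sent=0 rcvd=0 src=203.0.113.5 dst=192.0.2.10 src_port=40211 dst_port=22
NetScreen device_id=ssg5-branch2 [Root]system-notification-00257(traffic): start_time="2012-03-01 10:00:03" duration=0 policy_id=320001 service=tcp/port:3389 proto=6 src zone=Untrust dst zone=Trust action=Deny sent=0 rcvd=0 src=203.0.113.5 dst=192.0.2.11 src_port=40212 dst_port=3389
NetScreen device_id=ssg5-branch2 [Root]system-notification-00257(traffic): start_time="2012-03-01 10:00:04" duration=12 policy_id=5 service=tcp/port:80 proto=6 src zone=Trust dst zone=Untrust action=Permit sent=500 rcvd=2000 src=192.0.2.20 dst=198.51.100.9 src_port=50001 dst_port=80
"""

# Pull out the device, zones, action and endpoints of a traffic-log line.
TRAFFIC_RE = re.compile(
    r'device_id=(?P<device>\S+).*?00257\(traffic\):.*?'
    r'src zone=(?P<src_zone>\S+) dst zone=(?P<dst_zone>\S+) action=(?P<action>\S+)'
    r'.*?\bsrc=(?P<src>\S+) dst=(?P<dst>\S+)'
)

def parse_traffic(lines):
    """Yield one dict per ScreenOS traffic-log line; non-matching lines are skipped."""
    for line in lines:
        m = TRAFFIC_RE.search(line)
        if m:
            yield m.groupdict()

def action_summary(lines):
    """Count actions per (device, src_zone) so a device that never logs Deny stands out."""
    counts = Counter()
    for rec in parse_traffic(lines):
        counts[(rec["device"], rec["src_zone"], rec["action"])] += 1
    return counts

def untrust_denies(lines, src_zone="Untrust"):
    """Return (src, dst, device) for flows from src_zone that were denied or rejected."""
    return [(r["src"], r["dst"], r["device"]) for r in parse_traffic(lines)
            if r["src_zone"] == src_zone and r["action"] in ("Deny", "Reject")]

if __name__ == "__main__":
    lines = SAMPLE_SYSLOG.splitlines()
    for key, n in sorted(action_summary(lines).items()):
        print(key, n)
    print("denied from Untrust:", untrust_denies(lines))
```

Run it against a real capture of the syslog feed: a device whose summary shows only Permit for Untrust is the symptom described in the post.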