Documentation forSecurity Event Manager

Add a syslog device to SEM

After you configure your syslog device to send events to SEM and verify that SEM is receiving the events, add the syslog device to SEM.

When you add a syslog device to SEM, select a connector that is specific to the network device you are adding. The connector normalizes the log data into a standard format that can be compared with logs received from other vendors' devices. See SEM connectors for a list of supported connectors.

After you configure your firewall to log to SEM, configure the corresponding connector on your SolarWinds SEM Manager. Many of the firewall connectors are similar, and some will include unique settings.

The following example describes how to configure a Cisco PIX and IOS connector on your SEM Manager.

  1. Log in to the SEM Console.

  2. On the toolbar, click Configure > Manager connectors.

  3. Locate the connector to configure.

    Type part of the connector name (Cisco PIX) in the search box, or use the filter menus in the Refine Results pane.

  4. Select the connector, and then click Add Connector.
  5. Complete the connector configuration form. The following fields are common across most connectors:
    • Name: Enter a user-friendly label for your connectors.
    • Log File: Enter the location of the log file that the connector will normalize. This is a location on either the local computer (Agents), or the SEM appliance (non-Agent devices).
    • Output: Normalized, Raw + Normalized, Raw. You only need to configure these values if SEM is configured to save raw (unnormalized) log messages.
  6. Click Add.
  7. Under Configured connectors, select your connector, and then click Start.