
LEM Not showing events from syslog nodes


Hello All,

I'm trying to evaluate the LEM product as an SIEM solution but am having difficulties with it. It's installed as a VMware appliance on ESX 4.1. I can connect to the web interface and add nodes, but on some nodes it gives me an error stating there are no syslog services running (Catalyst 3560G and 3750G standalone and stacks), although when I go to the switches in question and sh logging, they are properly configured to send log events to the IP of the LEM. I've also verified that LEM is reachable by pinging it from the switch with no issues.

Another issue is when I add security devices manually (ASA5512X HA Pair, ASA 5540 and ASA 5505 are the devices in question): they add with no issue, and on the "OpsCenter" tab I see that LEM is receiving events from those devices, as it states that the last events received are in the past few seconds (1 second, 3 seconds, etc.), yet NOWHERE in LEM do I actually see data, even from those devices that ARE seemingly added without issue.

The ASA devices are also pushing NetFlow data to the LEM; that isn't visible either. Also, I have a Catalyst 3850 which is sending syslogs as well as NetFlow data; no luck with LEM on that either.

I haven't even tried adding Windows hosts to LEM, as I've been having such issues with the standard Cisco devices and syslogs as well as SNMP. LEM isn't displaying any of that info. Any thoughts on what I'm doing wrong, or what I need to do to actually use LEM, would be greatly appreciated.

Thank you very much in advance.

