I have syslogs successfully being sent to my AlienVault OSSIM server from my SonicWall firewall, but all the pertinent data is getting dumped into USERDATA3 and not correctly being examined by the SIEM. Has anyone ever encountered this? Do I need to modify the syslog plugin? Any assistance / guidance would be useful...the community board over at AT&T Cybersecurity isn't very helpful.
Thanks in advance!
