Have you ever worked on forwarding syslog from NSM 2011.1 to RSA envision appliance? I wondering how to forward these syslogs to the RSA envision?
Under the administer section in the left side pane you choose "Action Manager".
First configure your RSA Envision as a syslog server under "Action Parameters".
Then you configure which logs you want to forward under "Device Log Action Criteria"
Thanks! But how to config sending IDP logs under device log action criteria? Under Info category?
I think you can achieve that by selecting "predefined" as category.
I dont' myself use NSM to forward logs to STRM. I chose to log directly from the end-device to STRM.