My Firewall is sending logs to rsyslog server which forwards the syslogs to LEM. Problem here is, in Rsyslog we have enabled OMUDPSPOOF module in order to change the source IP of the node which actually wraps the syslog in to 'lsyslog' format. So I just want to check whether due to this LEM is not able to detect the node or what? Can see the logs forwarded from rsyslog server to LEM and connector for the firewall is already enabled still dont see it detecting this node.
Please help.