We have integrated Cisco IronPort through the syslog method. Now we get all logs from our ESA C370 version 10.0.0-203. The issue is that we get the logs with an ICID, and this ICID can be viewed only on the Cisco device, where it has information such as allowed or dropped, or whether an infected file was removed or allowed by the gateway, and so on. We don't get much information from the logs.
Also, in one event there is either the source email address or the destination email address, etc.
Is there a way to fix the issue?
My question is: is syslog integration in RSA the correct method, or do we need to move to the File method to build full logs?
Kindly support us in this.