Ryan Faircloth

icon indicating a website link www.rfaircloth.com icon indicating an email [email protected]

icon company @ziggiz-courier icon location Florida, USA icon location Architect, Security, general geek

Results 79 comments of Ryan Faircloth

Enhancement request: Support for multiple CA's for Syslog-TLS

For now, this can be worked around by using an instance of the container per TLS cert pair.

Feature Request: Use a Secret for HEC Token

Agree will look at this post 2.0

Zscaler NSS feed format tweaks for regex compliance for 'zscalernss-fw' & 'zscalernss-dns'

yes can you make a pr for this?

Splunk_cooked does not work with certain data

I tested multline with windows events can you confirm the problem on a non splunk source?

Splunk_cooked does not work with certain data

yes this is here. I need to get this into a doc page https://gist.github.com/rfaircloth-splunk/fe0f051fbedfefd13c5f56dfeb0a8b3b

Splunk_cooked does not work with certain data

UDP would limtit the event to about 1200 bytes its just unusable only tcp can really be used

Splunk_cooked does not work with certain data

Also I could use a pcap of an event that produces the invalid frame header

Splunk_cooked does not work with certain data

is the splunk host linux or windows?

syslog messages do not parse correctly when IPv4 addresses are in process name

This is incorrect and not allowed in BSD format syslog. What is the source product have you communicated the defect to the vendor?

syslog messages do not parse correctly when IPv4 addresses are in process name

The log format is not bsd formatted. In a unconfigured syslog-ng instance no processing other than logging the raw message occurs sc4s performs complex processing on the structured data for...