splunk-connect-for-syslog

New Source: Aruba Wireless Controllers

Open Jaxjohnny opened this issue 2 years ago • 0 comments

The sourcetype comes in as cef and the index as main.

Raw logs from the syslog-ng ingest:

Jul 25 12:53:03 10.254.201.9 CEF:0|Aruba|A72xx|79813|log|SystemEvent|3|deviceProcessName=dot1x-proc:2 dvcpid=4387 dvchost=7205-SC msg=2[4387]: <522275> <4387> <WARN> |dot1x-proc:2| User Authentication failed. username=nicole userip=0.0.0.0 usermac=gg:gg:f9:03:dd:c5 authmethod=802.1x servername=Radius_Cluster serverip=10.255.168.30 apname=TCHQAP03.04 bssid=00:4e:35:b

Jul 25 12:53:18 10.254.201.9 CEF:0|Aruba|A72xx|79813|log|SystemEvent|3|deviceProcessName=authmgr dvcpid=3726 dvchost=7205-SC msg=<522274> <3726> <ERRS> |authmgr| Mgmt User Authentication failed. username=amp-admin userip=10.255.170.10 servername=Radius_Cluster serverip=10.255.168.30

Jul 25 12:53:24 10.254.201.9 CEF:0|Aruba|A72xx|79813|log|SystemEvent|3|deviceProcessName=dot1x-proc:2 dvcpid=4387 dvchost=7205-SC msg=2[4387]: <520002> <4387> <ERRS> |dot1x-proc:2| Authentication server request Timeout, username=nicole userip=0.0.0.0 usermac=gg:gg:f9:03:dd:c5 servername= Radius_Cluster server-group=Private_dot1_svg serverip= 10.255.168.30 bssid=gg:gg:35:bb:14:30 apname=TCHQA

Jul 25 12:53:25 10.254.201.9 CEF:0|Aruba|A72xx|79813|log|SystemEvent|3|deviceProcessName=authmgr dvcpid=3726 dvchost=7205-SC msg=<522274> <3726> <ERRS> |authmgr| Mgmt User Authentication failed. username=amp-admin userip=10.255.170.10 servername=Radius_Cluster serverip=10.255.168.30

Similar events from the Splunk _raw:

CEF:0|Aruba|A72xx|79813|log|SystemEvent|3|deviceProcessName=dot1x-proc:2 dvcpid=4387 dvchost=7205-SC msg=2[4387]: <520002> <4387> <ERRS> |dot1x-proc:2| Authentication server request Timeout, username=Cassidy. userip=0.0.0.0 usermac=gg:gg:4a:bc:30:45 servername= Radius_Cluster server-group=Private_dot1_svg serverip= 255.255.168.30 bssid=gg:gg:35:b8:e4:10 apname=TCHQA

CEF:0|Aruba|A72xx|79813|log|SystemEvent|3|deviceProcessName=authmgr dvcpid=3726 dvchost=7205-SC msg=<522274> <3726> <ERRS> |authmgr| Mgmt User Authentication failed. username=amp-admin userip=255.255.170.10 servername=Radius_Cluster serverip=255.255.168.30

CEF:0|Aruba|A72xx|79813|log|SystemEvent|3|deviceProcessName=snmp dvcpid=3873 dvchost=7205-SC msg=<399816> <3873> <ERRS> |snmp| ../unix/../shared/notifyv3.c:304 Host's 255.255.172.20 engine ID not discovered. Traps do not get queued up.

CEF:0|Aruba|A72xx|79813|log|SystemEvent|3|deviceProcessName=dot1x-proc:2 dvcpid=4387 dvchost=7205-SC msg=2[4387]: <520002> <4387> <ERRS> |dot1x-proc:2| Authentication server request Timeout, username=nicole userip=0.0.0.0 usermac=gg:gg:f9:03:dd:c5 servername= Radius_Cluster server-group=Private_dot1_svg serverip= 255.255.168.30 bssid=gg:gg:35:b9:87:90 apname=TCHQA

Jaxjohnny, Jul 25 '22 13:07
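An added example, not part of the original issue or of the SC4S project's code: parsing the events above in Python shows the CEF header fields (`Aruba`, `A72xx`) that identify the source, and why the extension needs care, since the Aruba `msg` value itself contains `|` and some values follow `=` with a space. The function names and header field labels are assumptions chosen for illustration; the sample lines are copied from the issue.

```python
import re
from collections import Counter

# Sample events copied from the issue's syslog-ng capture (truncated values left as posted).
SAMPLES = [
    "Jul 25 12:53:03 10.254.201.9 CEF:0|Aruba|A72xx|79813|log|SystemEvent|3|deviceProcessName=dot1x-proc:2 dvcpid=4387 dvchost=7205-SC msg=2[4387]: <522275> <4387> <WARN> |dot1x-proc:2| User Authentication failed. username=nicole userip=0.0.0.0 usermac=gg:gg:f9:03:dd:c5 authmethod=802.1x servername=Radius_Cluster serverip=10.255.168.30 apname=TCHQAP03.04 bssid=00:4e:35:b",
    "Jul 25 12:53:18 10.254.201.9 CEF:0|Aruba|A72xx|79813|log|SystemEvent|3|deviceProcessName=authmgr dvcpid=3726 dvchost=7205-SC msg=<522274> <3726> <ERRS> |authmgr| Mgmt User Authentication failed. username=amp-admin userip=10.255.170.10 servername=Radius_Cluster serverip=10.255.168.30",
    "Jul 25 12:53:24 10.254.201.9 CEF:0|Aruba|A72xx|79813|log|SystemEvent|3|deviceProcessName=dot1x-proc:2 dvcpid=4387 dvchost=7205-SC msg=2[4387]: <520002> <4387> <ERRS> |dot1x-proc:2| Authentication server request Timeout, username=nicole userip=0.0.0.0 usermac=gg:gg:f9:03:dd:c5 servername= Radius_Cluster server-group=Private_dot1_svg serverip= 10.255.168.30 bssid=gg:gg:35:bb:14:30 apname=TCHQA",
]

# Labels for the seven CEF header fields (names chosen for this example).
HEADER_KEYS = ("cef_version", "vendor", "product", "device_version",
               "signature_id", "name", "severity")
# An extension key starts the string or follows whitespace and ends at "=".
KEY_RE = re.compile(r"(?:^|\s)([A-Za-z][\w-]*)=")


def parse_cef(line):
    """Return header and extension fields as a dict, or None if not CEF."""
    start = line.find("CEF:")
    if start < 0:
        return None
    # Split only the 7 header separators: the Aruba msg contains "|" too.
    parts = line[start + 4:].split("|", 7)
    if len(parts) < 8:
        return None
    event = dict(zip(HEADER_KEYS, parts[:7]))
    ext = parts[7]
    keys = list(KEY_RE.finditer(ext))
    # Each value runs up to the next key, so spaces inside msg survive.
    for cur, nxt in zip(keys, keys[1:] + [None]):
        end = nxt.start() if nxt else len(ext)
        event[cur.group(1)] = ext[cur.end():end].strip()
    return event


def auth_failures(lines):
    """Count 'Authentication failed' events per username for vendor Aruba."""
    counts = Counter()
    for line in lines:
        event = parse_cef(line)
        if event and event["vendor"] == "Aruba" \
                and "Authentication failed" in event.get("msg", ""):
            counts[event.get("username", "unknown")] += 1
    return counts


if __name__ == "__main__":
    print(parse_cef(SAMPLES[1])["product"], dict(auth_failures(SAMPLES)))
```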