
parser for log source Sucuri

Open narsree1 opened this issue 1 year ago • 1 comments

**What is the sc4s version?** 3.23.0

**Is there a pcap available? If so, would you prefer to attach it to this issue or send it to Splunk support?** No

**What is the vendor name?** Sucuri

**What's the product name?** WAF

**If you're requesting support for a new vendor, do you have any preferences regarding the default index and sourcetype for their events?** index: Sucuri, sourcetype: sucuri:alert

**Do you have syslog documentation or a manual for that device?** https://docs.sucuri.net/website-firewall/configuration/integrating-with-splunk/

**Feature Request description:** create a parser to parse events for Sucuri

**Do you want to have it for local usage or prepare a GitHub PR?** local usage

narsree1 avatar May 13 '24 12:05 narsree1

Hi @narsree1, the log format provided in the attached documentation doesn't seem to be right, and they provided only one example. Can you fetch more examples into a pcap file?

mstopa-splunk avatar May 15 '24 08:05 mstopa-splunk

It seems that we haven't had any activity during the last 2 weeks. @narsree1, can you please share a pcap file (with the logs that your Sucuri device produces)? You can send it to me by email: [email protected]

ikheifets-splunk avatar May 27 '24 11:05 ikheifets-splunk

@narsree1 I haven't received your pcap by email; did you send it?

ikheifets-splunk avatar Jun 13 '24 10:06 ikheifets-splunk

Closing this issue, because we haven't received a pcap file from @narsree1 and, in general, there has been no reaction from @narsree1.

ikheifets-splunk avatar Jun 26 '24 09:06 ikheifets-splunk