splunk-connect-for-syslog

ILO 5

Open techsystems-unix opened this issue 7 months ago • 3 comments

Note: If your issue is not a bug or a feature request, please raise a support ticket through our support portal (Splunk.com > Support > Support Portal). This will help us resolve your issue more efficiently and provide you with better assistance. For more information on how to work with the Splunk Support, please refer to this guide.

What is the sc4s version? 2.49.8

Is there a pcap available? If so, would you prefer to attach it to this issue or send it to Splunk support? Yes

What's the vendor name? HPE

What's the product name? ILO 5

If you're requesting support for a new vendor, do you have any preferences regarding the default index and sourcetype for their events?

Do you have syslog documentation or a manual for that device? Yes

Feature Request description: We are interested in a new scheme for ILO 5 data ingestion. The ILO 4+ source type isn't categorizing the data properly and the data is appearing under nix:syslog.

techsystems-unix avatar Jun 10 '25 20:06 techsystems-unix

Any updates on this?

techsystems-unix avatar Jun 12 '25 12:06 techsystems-unix

We request that you first update to the latest version.

Please let us know if you still see this.

rjha-splunk avatar Jun 17 '25 10:06 rjha-splunk

Sc4s has been updated

Jun 17 08:35:19 dksc4s1 docker[81765]: sc4s version=3.37.0

Logs are still appearing under the incorrect sourcetype

06/17/2025 12:41 ILOXXXXXXXX iLO 5: The receipt of this message confirms that Syslog is configured correctly

host = XXX.XXX.XXX source = program:06/17/2025 sourcetype = nix:syslog

techsystems-unix avatar Jun 17 '25 12:06 techsystems-unix

Hello @techsystems-unix, as you mentioned there is a possibility to collect a PCAP file, could you share it with us?

ajasnosz avatar Jul 02 '25 11:07 ajasnosz

Hello @techsystems-unix, could you share the PCAP file with us? We are unable to develop the parser without sample log data.

ajasnosz avatar Jul 07 '25 11:07 ajasnosz

Good Morning,

I will forward this email again. I am no longer on that team, however, I will contact them now to provide the necessary information.

Thanks!

On Mon, Jul 7, 2025 at 7:37 AM ajasnosz @.***> wrote:

ajasnosz left a comment (splunk/splunk-connect-for-syslog#2769) https://github.com/splunk/splunk-connect-for-syslog/issues/2769#issuecomment-3044630787

Hello @techsystems-unix https://github.com/techsystems-unix, could you share the PCAP file with us? We are unable to develop the parser without sample log data.


techsystems-unix avatar Jul 07 '25 11:07 techsystems-unix

Hi @techsystems-unix, any updates on this?

sbylica-splunk avatar Sep 30 '25 08:09 sbylica-splunk

Please close this ticket

droplet50 avatar Sep 30 '25 11:09 droplet50