
Splunk Connect for Syslog

Results 238 splunk-connect-for-syslog issues

Please add a new log parser for Sophos Firewall data. TA: https://splunkbase.splunk.com/app/6187/ Sourcetypes: * sophos:xg:firewall * sophos:xg:anti_virus * sophos:xg:content_filtering * sophos:xg:system_health * sophos:xg:event * sophos:xg:anti_spam * sophos:xg:sandbox ```text device="SFW" date=2022-04-25...

bug
filter

This is for issues: #1639 #1576 fixes: - not all context files copied from configmap mountpoint

Need a filter created for this vendor (not known) data is being logged with sourcetype:fallback Cisco ASR1002-X router running IOS version 17.3.4a metafile: EXPOSE 1515/udp cisco_sd_wan,index,firewall_sdwan cisco_sd_wan,sourcetype,netflow-vs9

bug
enhancement
filter

Seems to always go into nix_os index since upgrade from 2.9.2 > 2.26.5 Original config: splunk_metadata.csv forcepoint_webprotect,index,forcepoint forcepoint_webaccess,index,forcepoint forcepoint_webaccess,sourcetype,websense:access forcepoint_weberror,index,forcepoint forcepoint_weberror,sourcetype,websense:error vendor_product_by_source.csv f_forcepoint_web_access,sc4s_vendor_product,"forcepoint_webaccess" f_forcepoint_web_error,sc4s_vendor_product,"forcepoint_weberror" vendor_product_by_source.conf filter f_forcepoint_web_access{ match("wcgextended") }; filter...

faq candidate

Hello, can you please add a new filter for Quantum scalar technology? Log sample: ``` PRI=13 MESSAGE=Scalar-i6000[2080]: [LMC SN='9999999' USER='admin' ROLE='Admin' COMMAND='Login' DATE='2022-04-28 13:53:53 +0200' FROM='192.168.2.67' DESCRIPTION='' ]...

bug
enhancement

Update the UDP vs TCP docs section to include the full context of the recommendation contained in the blog post. https://splunk.github.io/splunk-connect-for-syslog/main/architecture/ https://www.rfaircloth.com/2020/05/21/performant-and-reliable-syslog-udp-is-best/

documentation

Would it be possible to include Oracle Storage Appliance in a future version of SC4S? There is no Splunk TA for it. I have attached a small sample of log...

bug
filter

Noticed the Dell RSA vendor product definitions are off. I'm not sure if the code should match the docs or if the docs should match the code. Issue: Docs indicate...