
What's up guys


I'm testing sending syslog to the Splunk SIEM. I know that Splunk has a plugin, but I'm testing it this way.

1) Does anyone know if we have any history of problems or incompatibilities?


I did the configuration:
- Plugin, using the TCP protocol, port 514.
- Business rules using "all".
- SIEM Mappings, and apparently the logs are being sent.


2) I installed Wireshark, and the logs are arriving on the SIEM server. Is there some incompatibility? Any tips?

Splunk is a direct connection; you do not need Cloud Exchange to integrate Splunk. Please review the appropriate documentation for Splunk.


@zthompsoncr Thank you for the answer, but as I said, I don't want to use the app that is on the marketplace. I simply need to send the logs to Splunk.


I discovered that for Splunk to accept the logs you need to uncheck the option "When enabled, logs will be transformed using selected mapping file".
Screenshots attached.

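The send path discussed in this thread (raw syslog over TCP to a listener, no marketplace app, no mapping transform), as an added example that is not part of the original posts and not Netskope's or Splunk's code: a small Python script that builds RFC 5424 lines from a constructed JSON event, frames them either newline-delimited or RFC 6587 octet-counted, pushes them to a loopback TCP listener that stands in for the Splunk receiver, and parses back what arrived, so you can compare the bytes on the wire with what Wireshark shows before pointing the shipper at port 514. The hostname, app name, and sample event are assumptions made for the example.

```python
import socket
import threading
from datetime import datetime, timezone

# Constructed sample event (not a real Netskope record), sent untransformed as the MSG part.
SAMPLE_EVENT = '{"event":"alert","user":"alice@example.com","app":"Box","action":"upload"}'

def build_syslog(msg, hostname="cloud-exchange", appname="netskope-ce",
                 facility=1, severity=6, ts=None):
    """Build one RFC 5424 line. PRI = facility * 8 + severity; '-' fills unused header fields."""
    pri = facility * 8 + severity
    if ts is None:  # fixed timestamp so output is reproducible
        ts = datetime(2024, 1, 1, 12, 0, 0, tzinfo=timezone.utc)
    stamp = ts.isoformat().replace("+00:00", "Z")
    return f"<{pri}>1 {stamp} {hostname} {appname} - - - {msg}"

def parse_pri(line):
    """Return (facility, severity) from the leading <PRI> of a syslog line."""
    pri = int(line[1:line.index(">")])
    return pri // 8, pri % 8

def frame_newline(line):
    """Non-transparent framing: one message per line (what a raw TCP input expects)."""
    return (line + "\n").encode()

def frame_octet_count(line):
    """RFC 6587 octet-counting framing: '<len> ' prefix followed by the message bytes."""
    body = line.encode()
    return f"{len(body)} ".encode() + body

def parse_frames(buf):
    """Split a captured byte stream into messages, detecting either framing per message."""
    msgs = []
    while buf:
        if buf[:1].isdigit():                      # octet-counted frame
            length, _, rest = buf.partition(b" ")
            n = int(length)
            msgs.append(rest[:n].decode())
            buf = rest[n:]
        else:                                      # newline-delimited frame
            line, _, buf = buf.partition(b"\n")
            if line:
                msgs.append(line.decode())
    return msgs

def send_and_capture(payloads, port=0):
    """Start a loopback listener playing the Splunk side, send the payloads, return parsed messages.

    port=0 picks an ephemeral port; binding 514 for real requires privileges on most systems.
    """
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind(("127.0.0.1", port))
    srv.listen(1)
    received = bytearray()

    def serve():
        conn, _ = srv.accept()
        with conn:
            while True:
                chunk = conn.recv(4096)
                if not chunk:
                    break
                received.extend(chunk)

    t = threading.Thread(target=serve)
    t.start()
    with socket.create_connection(srv.getsockname()) as client:
        for p in payloads:
            client.sendall(p)
    t.join()
    srv.close()
    return parse_frames(bytes(received))

if __name__ == "__main__":
    frames = [frame_newline(build_syslog(SAMPLE_EVENT)),
              frame_octet_count(build_syslog(SAMPLE_EVENT, severity=3))]
    for m in send_and_capture(frames):
        print(parse_pri(m), m)
```

Splunk's raw TCP data input breaks the stream into events on newlines by default, so if a shipper uses octet-counting framing the numeric length prefix ends up inside each event; run both framings through this harness and check which one matches the capture you took with Wireshark on the SIEM host.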