Cloud Exchange - Syslog Splunk

  • 7 October 2023
  • 3 replies


What's up guys


I'm testing sending syslog to the SIEM Splunk. I know that Splunk has the plugin, but I'm testing it this way.

1) Does anyone know if we have any history of problems or incompatibility?


I did the configuration:
- Plugin, using TCP protocol, port 514.
- Business rules using "all"
- SIEM Mappings and apparently the log is being sent


2) I installed Wireshark and the logs are arriving on the SIEM server. Is there some incompatibility? Any tips?


Best answer by TiagoBigode 14 October 2023, 00:37


3 replies


Splunk is direct connection, you do not need Cloud Exchange to integrate Splunk. Please review appropriate documentation for Splunk.


@zthompsoncr Thank you for the answer, but as I said I don't want to use the app that is on the marketplace. I simply need to send the logs to Splunk.


I discovered that for Splunk to accept the logs you need to uncheck the option "When enabled, logs will be transformed using selected mapping file".
Screenshots attached.
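The thread ends with the observation that Splunk only accepted the events once the mapping-file transformation was switched off. A quick way to confirm on the receiving side whether what arrives on TCP 514 is actually syslog-shaped is to capture a few lines (Wireshark, or a throwaway listener) and classify them. The script below is an added example written for this thread, not code from the original post, from Netskope or from Splunk: it builds an RFC 5424 message with the RFC 6587 octet-counting framing used on TCP, and classifies received lines as RFC 5424, RFC 3164, bare JSON, or unknown. The sample lines are constructed; the idea that a mapping transform may emit a payload without a syslog header (so a syslog TCP input does not recognise it) is an assumption used to motivate the check, not something the thread states.

```python
import json
import re
import socket
from datetime import datetime, timezone

# RFC 5424 header: <PRI>VERSION TIMESTAMP HOSTNAME APP-NAME PROCID MSGID SD [MSG]
# SD is "-" or one or more [..] elements; nested "]" inside SD is not handled.
RFC5424_RE = re.compile(
    r"^<(?P<pri>\d{1,3})>(?P<ver>\d)\s(?P<ts>\S+)\s(?P<host>\S+)\s(?P<app>\S+)\s"
    r"(?P<procid>\S+)\s(?P<msgid>\S+)\s(?P<sd>-|(?:\[[^\]]*\])+)(?:\s(?P<msg>.*))?$",
    re.DOTALL,
)
# RFC 3164 (BSD) header: <PRI>Mmm dd hh:mm:ss HOSTNAME message
RFC3164_RE = re.compile(
    r"^<(?P<pri>\d{1,3})>(?P<ts>[A-Z][a-z]{2}\s+\d{1,2}\s\d{2}:\d{2}:\d{2})\s"
    r"(?P<host>\S+)\s(?P<msg>.*)$",
    re.DOTALL,
)


def build_rfc5424(facility, severity, host, app, msg, ts=None):
    """Build an RFC 5424 line; PRI = facility*8 + severity, no structured data."""
    pri = facility * 8 + severity
    ts = ts or datetime.now(timezone.utc).strftime("%Y-%m-%dT%H:%M:%S.%fZ")
    return f"<{pri}>1 {ts} {host} {app} - - - {msg}"


def frame_octet_counted(line):
    """RFC 6587 octet-counting framing for syslog over TCP: 'LEN SP MSG'."""
    data = line.encode("utf-8")
    return f"{len(data)} ".encode("ascii") + data


def decode_pri(pri):
    """Split PRI into (facility, severity) per RFC 5424 section 6.2.1."""
    return pri // 8, pri % 8


def classify(line):
    """Return (kind, fields) describing what a received line looks like."""
    line = line.rstrip("\r\n")
    m = RFC5424_RE.match(line)
    if m:
        fields = m.groupdict()
        fields["facility"], fields["severity"] = decode_pri(int(fields["pri"]))
        return "rfc5424", fields
    m = RFC3164_RE.match(line)
    if m:
        fields = m.groupdict()
        fields["facility"], fields["severity"] = decode_pri(int(fields["pri"]))
        return "rfc3164", fields
    try:
        json.loads(line)
        return "json", {}       # a payload with no syslog header at all
    except ValueError:
        return "unknown", {}


def triage(lines):
    """Count line kinds; anything not rfc5424/rfc3164 will not be parsed as syslog."""
    counts = {"rfc5424": 0, "rfc3164": 0, "json": 0, "unknown": 0}
    for line in lines:
        counts[classify(line)[0]] += 1
    return counts


def send_tcp(host, port, lines, timeout=5.0):
    """Send framed lines to a syslog TCP input (e.g. port 514); returns bytes sent."""
    payload = b"".join(frame_octet_counted(l) for l in lines)
    with socket.create_connection((host, port), timeout=timeout) as s:
        s.sendall(payload)
    return len(payload)


# Constructed sample lines: one per shape a capture on port 514 might show.
SAMPLE_5424 = "<134>1 2023-10-07T12:00:00.000Z ce-host netskope-ce - - - user=alice action=allow app=Box"
SAMPLE_3164 = "<134>Oct  7 12:00:00 ce-host netskope-ce: user=alice action=allow app=Box"
SAMPLE_JSON = '{"user": "alice", "action": "allow", "app": "Box"}'
SAMPLE_RAW = "user=alice action=allow app=Box"

if __name__ == "__main__":
    for l in (SAMPLE_5424, SAMPLE_3164, SAMPLE_JSON, SAMPLE_RAW):
        print(classify(l)[0], "<-", l[:40])
    print(triage([SAMPLE_5424, SAMPLE_3164, SAMPLE_JSON, SAMPLE_RAW]))
```

Run `triage()` over the lines pulled from a capture; if most come back as `json` or `unknown`, the sender is not emitting a syslog header and the receiving input will not index them as syslog, which matches the symptom in this thread of packets arriving but nothing appearing in Splunk.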