Solved

Cloud Exchange - Syslog Splunk

  • 7 October 2023
  • 3 replies
  • 101 views

Badge +2

What's up guys

 

I'm testing sending syslog to SIEM Splunk. I know that Splunk has the plugin, but I'm testing it this way.

1) Does anyone know if we have any history of problems or incompatibility?

 

I did the configuration:
- Plugin, using TCP protocol, port 514.
- Business rules using "all"
- SIEM Mappings and apparently the log is being sent

 

2) I installed Wireshark and the logs are arriving on the SIEM server. Is there some incompatibility? Any tips?


Best answer by TiagoBigode 14 October 2023, 00:37


3 replies

Userlevel 2
Badge +9

Splunk is a direct connection; you do not need Cloud Exchange to integrate Splunk. Please review the appropriate documentation for Splunk.

Badge +2

@zthompsoncr Thank you for the answer, but as I said I don't want to use the app that is on the marketplace. I simply need to send the logs to Splunk.

Badge +2

I discovered that for Splunk to accept the logs you need to uncheck the option "When enabled, logs will be transformed using selected mapping file".
Prints attached.

[Attachments: 3981iD60164A584FA7ED4.png, 3982i978E3576017BE06C.png]
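Wireshark only shows that packets reach the SIEM host; it does not tell you whether what arrives is syslog that a collector will accept. The accepted answer above reports that Splunk took the logs once the mapping-file transformation was switched off, so the practical check is to look at the payloads themselves. The following is an added example, not code from Netskope Cloud Exchange or Splunk: a small Python TCP receiver and parser that classifies each line as RFC 5424, RFC 3164 or not syslog at all. It assumes newline-framed TCP (RFC 6587 non-transparent framing) and listens on port 5140 so it can run unprivileged; point the Cloud Exchange syslog plugin at that port for a test, or feed it the lines Wireshark captured. The sample lines at the bottom are constructed, including a bare JSON body standing in for a payload that carries no syslog header.

```python
"""Syslog sanity checker: TCP receiver plus parser that classifies each line as
RFC 5424, RFC 3164 or not syslog.  Added example, not Netskope's or Splunk's code.
Assumes newline-framed TCP (RFC 6587 non-transparent framing); port 5140 is an
unprivileged stand-in for 514 during testing."""
import re
import socketserver
import sys
from collections import Counter

# RFC 5424 header: <PRI>VERSION TIMESTAMP HOSTNAME APP-NAME PROCID MSGID, then SD and MSG
RFC5424_HEADER = re.compile(
    r"^<(\d{1,3})>(\d{1,2}) (\S+) (\S+) (\S+) (\S+) (\S+) (.*)$", re.DOTALL
)
# RFC 3164 (BSD) header: <PRI>Mmm dd hh:mm:ss HOSTNAME then TAG/content
RFC3164_HEADER = re.compile(
    r"^<(\d{1,3})>([A-Z][a-z]{2} [ \d]\d \d\d:\d\d:\d\d) (\S+) (.*)$", re.DOTALL
)


def _split_structured_data(rest: str):
    """Split STRUCTURED-DATA off the front of `rest`; returns (sd, msg).
    SD is '-' or one or more [..] elements; ']' inside a param value is escaped as '\\]'."""
    if rest.startswith("-"):
        return "-", rest[2:] if rest[1:2] == " " else ""
    if not rest.startswith("["):
        raise ValueError("must be '-' or start with '['")
    i = 0
    while i < len(rest) and rest[i] == "[":
        j = i + 1
        while j < len(rest):
            if rest[j] == "\\":      # escaped char: skip it and the next one
                j += 2
                continue
            if rest[j] == "]":
                break
            j += 1
        if j >= len(rest):
            raise ValueError("unterminated SD-ELEMENT")
        i = j + 1
    sd = rest[:i]
    msg = rest[i + 1:] if rest[i:i + 1] == " " else ""
    return sd, msg


def parse_syslog(line: str) -> dict:
    """Classify one line. 'format' is 'rfc5424', 'rfc3164' or 'unknown' (with a 'reason')."""
    line = line.rstrip("\r\n")
    m = RFC5424_HEADER.match(line)
    if m:
        pri = int(m.group(1))
        if pri > 191:                 # PRI = facility*8 + severity, max 23*8+7
            return {"format": "unknown", "reason": f"PRI {pri} out of range 0-191"}
        try:
            sd, msg = _split_structured_data(m.group(8))
        except ValueError as exc:
            return {"format": "unknown", "reason": f"bad STRUCTURED-DATA: {exc}"}
        return {"format": "rfc5424", "facility": pri >> 3, "severity": pri & 7,
                "timestamp": m.group(3), "host": m.group(4), "app": m.group(5),
                "procid": m.group(6), "msgid": m.group(7), "sd": sd, "msg": msg}
    m = RFC3164_HEADER.match(line)
    if m:
        pri = int(m.group(1))
        if pri > 191:
            return {"format": "unknown", "reason": f"PRI {pri} out of range 0-191"}
        return {"format": "rfc3164", "facility": pri >> 3, "severity": pri & 7,
                "timestamp": m.group(2), "host": m.group(3), "msg": m.group(4)}
    return {"format": "unknown", "reason": "no syslog header (<PRI> ...)", "msg": line}


def summarize(lines) -> dict:
    """Count how many lines fall into each format; a healthy feed is all rfc5424/rfc3164."""
    return dict(Counter(parse_syslog(line)["format"] for line in lines))


class SyslogLineHandler(socketserver.StreamRequestHandler):
    """One connection from the exporter; each newline-terminated line is one message."""
    def handle(self):
        peer = self.client_address[0]
        for raw in self.rfile:
            result = parse_syslog(raw.decode("utf-8", errors="replace"))
            detail = result.get("reason") or result.get("msg", "")
            print(f"{peer}: {result['format']:<8} {detail[:80]}")


def serve(port: int = 5140) -> None:
    """Listen on all interfaces and classify whatever the exporter sends (Ctrl-C to stop)."""
    socketserver.ThreadingTCPServer.allow_reuse_address = True
    with socketserver.ThreadingTCPServer(("0.0.0.0", port), SyslogLineHandler) as srv:
        srv.serve_forever()


# Constructed sample lines (not captured from a real Cloud Exchange deployment).
SAMPLE_LINES = [
    "<14>1 2023-10-07T12:00:00Z ce-host cloud-exchange - - - user login from 10.0.0.5",
    "<34>Oct  7 12:00:00 ce-host cloud-exchange: user login from 10.0.0.5",
    '{"user":"alice","src":"10.0.0.5","action":"login"}',   # body with no syslog header
    "<999>1 2023-10-07T12:00:00Z ce-host app - - - bad priority",
]

if __name__ == "__main__":
    if "--listen" in sys.argv:
        serve()
    else:
        for sample in SAMPLE_LINES:
            print(parse_syslog(sample))
        print(summarize(SAMPLE_LINES))
```

Run it with `--listen` while the plugin is sending; every line that prints as `unknown` is a message a strict syslog input may reject, which is exactly the symptom the thread describes. Comparing the output with the mapping transformation enabled and disabled shows what the setting changes on the wire.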
