Netskope Community
-
Forums
ProductsCommunity Resources
-
Learn
Education, Training, Certification, and Thought LeadershipCommunity Resources
-
Groups
Community GroupsCommunity Resources
-
Events
Community Resources
- Support
- Netskope Community
- Other Forums
- Additional Discussions
- Cloud Exchange - Syslog Splunk
Cloud Exchange - Syslog Splunk
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
10-07-2023 09:26 AM - edited 10-13-2023 03:32 PM
What's up guys
I'm testing sending syslog to SIEM splunk. I know that splunk has the plugin, but I'm testing it this way.
1) Does anyone know if we have any history of problems or incompatibility?
I did the configuration:
- Plugin, using TCP protocol, port 514.
- Business rules using "all"
- SIEM Mappings and apparently the log is being sent
2 I installed wireshark and the logs are arriving on the SIEM server. Is there some incompatibility? Any tips?
Solved! Go to Solution.
- Labels:
-
cloudexchange
-
splunk
-
syslog
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
10-13-2023 03:37 PM
I discovered that for Splunk to accept the logs you need to uncheck the option "When enabled, logs will be transformed using selected mapping file".
Prints attached.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
10-07-2023 10:49 AM
Splunk is direct connection, you do not need Cloud Exchange to integrate Splunk. Please review appropriate documentation for Splunk.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
10-13-2023 03:34 PM
@zthompsoncr Thank you for the answer, but as I said I don't want to use the app that is on the marketplace. I simply need to send the logs to splunk.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
10-13-2023 03:37 PM
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Mute
- Printer Friendly Page
-
cloud exchange
14 -
DLP
10 -
Threat Protection
6 -
sdwan
5 -
MacOS
5 -
Advanced Analytics
4 -
IaaS
4 -
netskope client
4 -
CASB
3 -
cloud threat exchange
3 -
SASE
3 -
SWG
3 -
ztna
3 -
ipsec
3 -
client update
3 -
API
3 -
Netskope Agent
3 -
SupportPoral
3 -
vpn
2 -
Rest API
2 -
Community Forum
2 -
Proxy
2 -
Real-time Policy
2 -
NPA
2 -
Webinar
2 -
Netskope
2 -
Netskope Client installation mechanism
2 -
steering
2 -
publisher
2 -
Azure
2 -
Netskope Endpoint Client
2 -
technology partner
2 -
Windows 365 Desktop
2 -
Client
2 -
docker
2 -
SCIM
2 -
best practice
2 -
on-prem
2 -
NSClient
2 -
private access
2 -
Azure AD
2 -
Community Resources
2 -
NG-SWG
2 -
Cloud & Threat Challenges
2 -
SAML
2 -
crowdstrike
1 -
user
1 -
Workshops
1 -
IDP
1 -
Netskope Cloud Security
1 -
Netskope Community
1 -
Users Policies
1 -
PAC file
1 -
Netskope Advocacy
1 -
POP Server
1 -
QRadar
1 -
RBAC
1 -
voip
1 -
regex
1 -
Based-Group
1 -
proxy configurations
1 -
Admin
1 -
cisco
1 -
policy
1 -
export
1 -
roadmap
1 -
Based-Users
1 -
explicit proxy over IPSec
1 -
Microsoft Outlook
1 -
skopeit
1 -
MIP
1 -
MS Teams
1 -
Netskope Private Access
1 -
On-Premise Detection
1 -
HELP!
1 -
Infrastructure as Code (IaC)
1 -
SD-WAN
1 -
meraki
1 -
Authentication
1 -
APIv2
1 -
Remote access
1 -
Microsoft Sentinel
1 -
SupportPortal
1 -
Netskope Admin
1 -
cloud app
1 -
Email DLP
1 -
SIEM Integration
1 -
Managed apps
1 -
Verizon
1 -
Home-office
1 -
traffic routing
1 -
OVF-OVA
1 -
json
1 -
coexistence
1 -
VMware
1 -
DBIR
1 -
remote workers
1 -
traffic steering
1 -
Linux based
1 -
restriction
1 -
interoperability
1 -
logs
1 -
Adoption
1 -
Groups
1 -
Virtual Machines
1 -
HA
1 -
NewEdge
1 -
certificate error
1 -
integration
1 -
option
1 -
GRE
1 -
Reporting
1 -
Rest API to fetch the Users from NetSkope
1 -
Azure Virtual Desktop
1 -
PROD
1 -
Communications
1 -
Forensic File Storage
1 -
OSX
1 -
tunnel
1 -
ServiceNow
1 -
SMTP
1 -
Threat and Vulnerability Management
1 -
Provisionning
1 -
Monitoring
1 -
Auto-update
1 -
DLP Violation
1 -
security posture check
1 -
Bug
1 -
Cloud Security
1 -
User Defined Route (UDR)
1 -
scim query postman
1 -
Time Actively Spent on Sites Widget
1 -
CCI
1 -
Macintosh
1 -
Support
1 -
install
1 -
Unmanaged Devices
1 -
Office365
1 -
Internet next hop type
1 -
ChangeManagement
1 -
Technical Success
1 -
API Credentials
1 -
steer traffic
1 -
beta
1 -
single mode
1 -
Active Directory
1 -
Waterfox Browser
1 -
AD
1 -
hub-and-spoke model
1 -
Workflow
1 -
License
1 -
risk management: cloud services
1 -
datacenter
1 -
multi-user mode
1 -
Adapters
1 -
Next Gen SWG
1 -
Network Virtual Appliances (NVA)
1 -
Business Rule
1 -
cloudexchange
1 -
advanced analytics custom
1 -
pop
1 -
peruserconfig
1 -
RBI
1 -
tenant
1 -
AZURE-AD-FREE
1 -
IPSec Tunnels
1 -
Data Loss Prevention
1 -
splunk
1 -
watermark
1 -
training
1 -
SSPM
1 -
Sync
1 -
Cloud Firewall License
1 -
SSO cloud exchange azureAD
1 -
syslog
1
In order to view this content, you will need to sign in to your account. Simply click the "Sign In" button below
Sign In