All Apps and Add-ons
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

FireEye and Syslog Server

richard_griffit
Engager
‎12-04-2013 05:20 PM

Is it possible to use the FireEye Splunk app with the following configuration:

FireEye sending data to a syslog server in XML format.
Universal forwarder on syslog server monitors file and sends data to the indexers.

In the file on the syslog server, the tag has a space between alert and ID. When using the FireEye Splunk app the queries come up empty.

From what I can tell, the space is causing the search to come up empty. Is there a way to handle the space in the incoming log file?

I am aware of the following from the documentation. "You will have to modify your FireyEye's logging configuration to send the logs to Splunk in xml via http."

Tags (1)
0 Karma
Reply

regriffith
Path Finder
‎03-15-2017 03:51 PM

In the end, I setup a heavy forwarder as middle man for FireEye. Seems like I used JSON format in the FireEye configuration. I no longer work at that company and I don't remember all the things I did.

0 Karma
Reply

jat75
Explorer
‎02-03-2017 07:06 AM

Every figure out if a syslog server can sit between the fireeye and splunk? I am getting data form the fireeye to splunk currently with SYSLOG CSV UDP but the app and TA dont seem to be doing anything. Thanks!

0 Karma
Reply

jat75
Explorer
‎02-03-2017 07:05 AM

Every figure out if a syslog server can stand between a fireeye and splunk? Trying to set this up and i am getting data to splunk from the fireeye (SYSLOG CSV UDP) but the app and TA don't seem to be doing anything. Thanks!

Reply
Get Updates on the Splunk Community!

🔐 Trust at Every Hop: How mTLS in Splunk Enterprise 10.0 Makes Security Simpler

From Idea to Implementation: Why Splunk Built mTLS into Splunk Enterprise 10.0  mTLS wasn’t just a checkbox ...

Observe and Secure All Apps with Splunk

  Join Us for Our Next Tech Talk: Observe and Secure All Apps with SplunkAs organizations continue to innovate ...

Splunk Decoded: Business Transactions vs Business IQ

It’s the morning of Black Friday, and your e-commerce site is handling 10x normal traffic. Orders are flowing, ...