All Apps and Add-ons

Has anyone been able to extract XFF with the estreamer or encore client?

ctrol
Engager

Has anyone been able to log the the original client ip in Sourcefire logs from traffic coming through a VIP in the eStreamer index?

We can see the original IP in the packet information in the FMC but are unable to get it to send in the logs to Splunk, all we get is the VIP ip address in the source ip field.

We have tested this on both the eStreamer app and the encore app in our instance, and original client ip is turned on in Sourcefire

Any help would be appreciated

jjoshi66
Engager

Any update on this?

0 Karma
Get Updates on the Splunk Community!

New in Observability - Improvements to Custom Metrics SLOs, Log Observer Connect & ...

The latest enhancements to the Splunk observability portfolio deliver improved SLO management accuracy, better ...

Improve Data Pipelines Using Splunk Data Management

  Register Now   This Tech Talk will explore the pipeline management offerings Edge Processor and Ingest ...

3-2-1 Go! How Fast Can You Debug Microservices with Observability Cloud?

Register Join this Tech Talk to learn how unique features like Service Centric Views, Tag Spotlight, and ...