All Apps and Add-ons
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

Has anyone been able to extract XFF with the estreamer or encore client?

ctrol
Engager
‎10-29-2018 01:12 PM

Has anyone been able to log the the original client ip in Sourcefire logs from traffic coming through a VIP in the eStreamer index?

We can see the original IP in the packet information in the FMC but are unable to get it to send in the logs to Splunk, all we get is the VIP ip address in the source ip field.

We have tested this on both the eStreamer app and the encore app in our instance, and original client ip is turned on in Sourcefire

Any help would be appreciated

Reply

jjoshi66
Engager
‎05-12-2020 02:15 PM

Any update on this?

0 Karma
Reply
Get Updates on the Splunk Community!

.conf24 | Registration Open!

Hello, hello! I come bearing good news: Registration for .conf24 is now open!   conf is Splunk’s rad annual ...

ICYMI - Check out the latest releases of Splunk Edge Processor

Splunk is pleased to announce the latest enhancements to Splunk Edge Processor.  HEC Receiver authorization ...

Introducing the 2024 SplunkTrust!

Hello, Splunk Community! We are beyond thrilled to announce our newest group of SplunkTrust members!  The ...