Hello Splunkers
How can I see logs from Tripwire on Splunk using syslog port 514?
Tripwire Enterprise (TE) has at least 3 means of providing syslog:
What option are we discussing?
Hi @JimWachhaus
We have installed the Tripwire Add-on for Splunk. I configured it as syslog 514 UDP, but how can we confirm that there is a connection between Tripwire and Splunk? I sent data (logs) from Tripwire to Splunk but I was unable to see the information.
The Add-On defaults to TE Log Management which is TCP syslog on port 1468. How did you send logs?
I log into Tripwire and there is an option to send any message, like warnings etc. So I suppose that by sending a message, Splunk can receive it.
After you log in, what steps did you take to navigate to that?
Was it under settings or actions?
I just logged into the Tripwire web console and in message>send to syslog
What product and version are you using?