From Splunk to RSA Security Analytics
Hi Splunker6789,
there are many ways to send logs to Security Analytics; we used syslog for one of our customers.
The choice depends on how you want to use the logs in Splunk:
Bye.
Giuseppe
Hi Giuseppe,
Can you explain the process of sending all logs from Splunk to RSA? That will be helpful!
Hi Splunker6789,
It's described in the link:
You have to configure the destination syslog in your outputs.conf:

[syslog]
defaultGroup=syslogGroup

[syslog:syslogGroup]
server = x.x.x.x:514

Afterwards, edit props.conf and transforms.conf to specify the filtering criteria:

props.conf

[my_sourcetype]
TRANSFORMS-my_sourcetype = send_to_syslog

transforms.conf

[send_to_syslog]
REGEX = .
DEST_KEY = _SYSLOG_ROUTING
# FORMAT must match the [syslog:<group>] stanza name in outputs.conf
FORMAT = syslogGroup

Bye.
Giuseppe
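The routing chain in the answer above only works if the transform's FORMAT value names a syslog group that outputs.conf actually defines. The following check is an added example, not part of the original post or of Splunk itself: the function names and the sample configs are constructed for illustration, and 192.0.2.10 is a documentation address.

```python
import configparser

# Constructed sample configs, modelled on the stanzas in the answer above.
OUTPUTS = """[syslog]
defaultGroup = syslogGroup
[syslog:syslogGroup]
server = 192.0.2.10:514
"""
PROPS = """[my_sourcetype]
TRANSFORMS-my_sourcetype = send_to_syslog
"""
TRANSFORMS_TMPL = """[send_to_syslog]
REGEX = .
DEST_KEY = _SYSLOG_ROUTING
FORMAT = {group}
"""

def load_conf(text):
    """Parse Splunk .conf text (INI-like stanzas), preserving key case."""
    cp = configparser.ConfigParser(interpolation=None, strict=False)
    cp.optionxform = str  # keep DEST_KEY, TRANSFORMS-... exactly as written
    cp.read_string(text)
    return cp

def syslog_groups(outputs):
    """Names of the [syslog:<group>] stanzas defined in outputs.conf."""
    return {s.split(":", 1)[1] for s in outputs.sections() if s.startswith("syslog:")}

def check_routing(outputs_text, props_text, transforms_text):
    """Return a list of problems in the props -> transforms -> outputs chain."""
    outputs, props, transforms = map(load_conf, (outputs_text, props_text, transforms_text))
    groups, problems = syslog_groups(outputs), []
    for sourcetype in props.sections():
        for key, value in props[sourcetype].items():
            if not key.startswith("TRANSFORMS-"):
                continue
            for name in (n.strip() for n in value.split(",")):
                if not transforms.has_section(name):
                    problems.append(f"[{sourcetype}] {key}: transform '{name}' is not defined")
                elif transforms[name].get("DEST_KEY") == "_SYSLOG_ROUTING":
                    group = transforms[name].get("FORMAT", "").strip()
                    if group not in groups:
                        problems.append(f"[{name}] FORMAT: syslog group '{group}' is not in outputs.conf")
    return problems

if __name__ == "__main__":
    for group in ("syslogGroup", "my_syslog_group"):
        print(group, "->", check_routing(OUTPUTS, PROPS, TRANSFORMS_TMPL.format(group=group)) or "OK")
```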
I have a question. We are onboarding data from Splunk to RSA. Actually, the data was in the Splunk indexers, so I wonder how we will onboard it from the indexers.
Thanks Cusello, really appreciate it.