How do you get logs from McAfee IPS into Splunk?


I have McAfee IPS. How do I integrate or collect logs from McAfee IPS and forward the logs to Splunk?

Currently, I am forwarding logs directly to Splunk on a UDP port.

"Configure Network Security Platform (Intrushield) to send syslog to a Splunk Enterprise receiving network port or a syslog server that writes to a directory that Splunk Enterprise monitors."

The latter method (using a syslog server, rather than direct network input to Splunk) is generally the recommended approach for any syslog source.
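
A sketch of the syslog-server method described in the answer, added here as an example and not taken from the original thread or from McAfee or Splunk documentation. It assumes rsyslog as the syslog server; the sender address `192.0.2.10`, UDP port 514, the directory `/var/log/remote/mcafee_nsp`, the file names, and the index and sourcetype placeholders are all constructed values to replace with your own.

```conf
# ---- /etc/rsyslog.d/30-mcafee-nsp.conf (assumed file name) ----
# Receive syslog over UDP and bind the listener to a dedicated ruleset.
module(load="imudp")
input(type="imudp" port="514" ruleset="mcafee_nsp")

# One directory per sending device, so Splunk can derive the host from the path.
template(name="NspPerHost" type="string"
         string="/var/log/remote/mcafee_nsp/%fromhost-ip%/nsp.log")

ruleset(name="mcafee_nsp") {
    # UDP syslog is unauthenticated: accept only the known sender
    # (192.0.2.10 is a constructed placeholder address).
    if $fromhost-ip == '192.0.2.10' then {
        action(type="omfile" dynaFile="NspPerHost"
               fileCreateMode="0640" dirCreateMode="0750")
    }
    # Discard anything else arriving on this listener.
    stop
}

# ---- inputs.conf on the Splunk forwarder or indexer that reads the files ----
# Monitor the files rsyslog writes instead of opening a network input in Splunk.
[monitor:///var/log/remote/mcafee_nsp/*/nsp.log]
# Placeholders: use the sourcetype your McAfee add-on documents and your own index.
sourcetype = <sourcetype-from-add-on-docs>
index = <your-index>
# Path segment 5 (/var/log/remote/mcafee_nsp/<ip>/...) becomes the host field.
host_segment = 5
disabled = 0
```

The account Splunk runs as needs read access to the directory (mode 0750 and files 0640 above), and the log files need rotation so the disk does not fill.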