How do you get logs from Mcafee IPS into Splunk?


I have McAfee IPS. How do I integrate or Collect logs from Mcafee IPS and forward the logs to Splunk?

Currently, I am forwarding logs directly to Splunk on UDP port.

Tags (1)
0 Karma

Ultra Champion

"Configure Network Security Platform (Intrushield) to send syslog to a Splunk Enterprise receiving network port or a syslog server that writes to a directory that Splunk Enterprise monitors."

The latter method (using a syslog server, rather than direct network input to splunk) is generally the recommended approach for any syslog source.