Getting Data In

How do you get logs from Mcafee IPS into Splunk?


I have McAfee IPS. How do I integrate or Collect logs from Mcafee IPS and forward the logs to Splunk?

Currently, I am forwarding logs directly to Splunk on UDP port.

Tags (1)
0 Karma

Ultra Champion

"Configure Network Security Platform (Intrushield) to send syslog to a Splunk Enterprise receiving network port or a syslog server that writes to a directory that Splunk Enterprise monitors."

The latter method (using a syslog server, rather than direct network input to splunk) is generally the recommended approach for any syslog source.

Did you miss .conf21 Virtual?

Good news! The event's keynotes and many of its breakout sessions are now available online, and still totally FREE!