Getting Data In
×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

Login to resource from Universal Forwarder?

lbogle
Contributor
‎05-22-2014 06:57 AM

Hello,
I am trying to get logs sent from a firewall to a Universal Forwarder. To get logs from the Firewall, I need to configure the Universal Forwarder to provide the firewall with login credentials. Can I do this with a Universal Forwarder or do I need to use a heavy forwarder?
Thanks.

0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

MuS
SplunkTrust
SplunkTrust
‎05-22-2014 12:02 PM

Hi lbogle,

reading your question, first thing that came up was why not use a scripted input to get these logs?
So did you check out the docs about scripted inputs?

Basically you create a script to get the logs and run this script cron like from the universal forwarder.

hope this helps ...

cheers, MuS

View solution in original post

Reply
Solved! Jump to solution
Solution

MuS
SplunkTrust
SplunkTrust
‎05-22-2014 12:02 PM

Hi lbogle,

reading your question, first thing that came up was why not use a scripted input to get these logs?
So did you check out the docs about scripted inputs?

Basically you create a script to get the logs and run this script cron like from the universal forwarder.

hope this helps ...

cheers, MuS

Reply
Solved! Jump to solution

martin_mueller
SplunkTrust
SplunkTrust
‎05-22-2014 08:51 AM

Well, without any more info I don't know what to say.

0 Karma
Reply
Solved! Jump to solution

lbogle
Contributor
‎05-22-2014 08:50 AM

Ha! I guess thats the question. The firewall need authentication credentials before it will allow the logs to leave so I'm not sure honestly...
Is there a spot in the universal forwarder to supply this information?
It may be too complex a request for the universal forwarder to do.
Thanks Martin.

0 Karma
Reply
Solved! Jump to solution

martin_mueller
SplunkTrust
SplunkTrust
‎05-22-2014 08:15 AM

How does this kind of input work?

0 Karma
Reply
Get Updates on the Splunk Community!

The OpenTelemetry Certified Associate (OTCA) Exam

What’s this OTCA exam? The Linux Foundation offers the OpenTelemetry Certified Associate (OTCA) credential to ...

From Manual to Agentic: Level Up Your SOC at Cisco Live

Welcome to the Era of the Agentic SOC   Are you tired of being a manual alert responder? The security ...

Splunk Classroom Chronicles: Training Tales and Testimonials (Episode 4)

Welcome back to Splunk Classroom Chronicles, our ongoing series where we shine a light on what really happens ...