Splunk Forwarder/syslog-ng filter

Getting Data In

Hello,

I use cp_log_export on my checkpoint management server to send logs (CEF format) to my syslog-ng server and on the same server, my splunk forwarder send log to my splunk server.

I got too many logs from checkpoint and I would like to know if I can did some filters on splunk forwarder or syslog-ng server before ?

for the moment in my syslog-ng I filter uniquely with tho IP source of my checkpoint management server and in my splunk forwarder with the sourcetype (checkpoint:cef).

After regarding the logs on splunk, I would like to get only the logs from the cef_product MTA, can I filter that on splunk forwarder or syslog-ng ? I prefer filtered syslog-ng to reduce the amount of logs in my syslog server.

Regards,

Get Updates on the Splunk Community!

Splunk Forwarder/syslog-ng filter

syslog

universal forwarder

Unlock Database Monitoring with Splunk Observability Cloud

Purpose in Action: How Splunk Is Helping Power an Inclusive Future for All

[Upcoming Webinar] Demo Day: Transforming IT Operations with Splunk

Join the Conversation

Splunk Forwarder/syslog-ng filter

syslog

universal forwarder

Unlock Database Monitoring with Splunk Observability Cloud

Purpose in Action: How Splunk Is Helping Power an Inclusive Future for All

[Upcoming Webinar] Demo Day: Transforming IT Operations with Splunk