Hi,
I just deployed the latest version 2 of SC4S and I sent syslog events from our Stormshield firewall. I checked and I didn't see a specific source for this firewall brand.
The box is capable of sending logs in the format RFC5424, UDP/514.
I did not configure a custom filter for it and the logs are automatically recognized as UNIX OS syslog events, which is wrong; they are indexed in osnix instead of netfw.
I would like to create a filter based on the source host but I can't find any examples in the official GitHub documentation.
For version 1 there are some, but I am not sure if they apply to version 2.
Any suggestions?
Many thanks