Splunk Enterprise Security

How to get syslog from an unpopular firewall? There is no add-on or app support for it in Splunkbase.

chamjo
New Member

Hello guys:

I'm going to get logs from my firewall, in order to see more firewall information in my Splunk Enterprise 7.2.0 web site, especially compliance (e.g. HIPAA, SOX, PCI-DSS, etc.) information.
But my firewall is produced by an unpopular company, not Cisco ASA, Check Point, FortiGate, etc. I can't find any add-on or app for my device in Splunkbase.
So what add-on/app should I use?

Thx a lot.

0 Karma

nickhills
Ultra Champion

If there is no readily available app, you will have to build one.
This is not as daunting as it sounds, but you need to understand the logs.

If you are able to post some samples, (with any headers) we may be able to help you make a start.
What firewall is it?

If my comment helps, please give it a thumbs up!
0 Karma

lakshman239
SplunkTrust

If the firewall supports sending syslog, you can set up syslog-ng or rsyslog on a Linux server (a VM would do) to receive the logs and parse them into a files/folder structure. You may then have to build a custom TA to extract fields for your needs.

0 Karma
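Both answers above come down to the same two steps: understand the lines the firewall actually emits, then get them onto disk in a layout Splunk can monitor and extract fields from. The script below is an added example (not code from either answerer, and not tied to any real firewall product) of that first step: it parses BSD-style syslog (RFC 3164) headers, derives facility and severity from the PRI value, pulls `key=value` pairs out of the message body, and decides the per-host spool path that an rsyslog or syslog-ng dynamic file template would typically write to. The sample lines, the `fwlog` program tag, the field names (`action`, `src`, `dst`, `proto`, `dport`, `reason`) and the `/var/log/remote` base directory are all constructed for the example; a real device's format has to be confirmed from its own captured output before any TA is built around it.

```python
import re
from collections import Counter

# Constructed sample input: BSD syslog (RFC 3164) lines whose message body is a
# generic key=value record. These are NOT from any real firewall vendor.
SAMPLE_LINES = [
    "<134>Mar  5 10:15:02 fw-edge-01 fwlog: action=deny src=10.1.2.3 dst=203.0.113.7 proto=tcp dport=445",
    "<134>Mar  5 10:15:03 fw-edge-01 fwlog: action=allow src=10.1.2.9 dst=198.51.100.20 proto=udp dport=53",
    "<132>Mar  5 10:15:07 fw-edge-02 fwlog: action=deny src=192.0.2.44 dst=10.1.0.5 proto=tcp dport=22 reason=policy",
    "<134>Mar  5 10:15:09 fw-edge-02 fwlog: action=deny src=192.0.2.44 dst=10.1.0.5 proto=tcp dport=3389",
    "this line is not syslog at all",
]

# Standard syslog facility and severity tables (RFC 3164 / RFC 5424 numbering).
FACILITIES = {0: "kern", 1: "user", 2: "mail", 3: "daemon", 4: "auth", 5: "syslog",
              6: "lpr", 7: "news", 8: "uucp", 9: "cron", 10: "authpriv", 11: "ftp",
              16: "local0", 17: "local1", 18: "local2", 19: "local3",
              20: "local4", 21: "local5", 22: "local6", 23: "local7"}
SEVERITIES = ["emerg", "alert", "crit", "err", "warning", "notice", "info", "debug"]

# <PRI>Mmm dd hh:mm:ss host tag: message   (day may be space-padded, e.g. "Mar  5")
HEADER_RE = re.compile(
    r"^<(?P<pri>\d{1,3})>"
    r"(?P<ts>[A-Z][a-z]{2} [ \d]\d \d\d:\d\d:\d\d) "
    r"(?P<host>\S+) (?P<tag>[^:\s]+): ?(?P<msg>.*)$"
)
# key=value pairs; values may be double-quoted to allow spaces
KV_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')


def parse_syslog_line(line):
    """Return a dict of header + body fields, or None if the line is not syslog."""
    m = HEADER_RE.match(line)
    if not m:
        return None
    pri = int(m.group("pri"))
    if pri > 191:          # max facility 23 * 8 + severity 7
        return None
    facility, severity = divmod(pri, 8)
    event = {
        "host": m.group("host"),
        "timestamp": m.group("ts"),
        "tag": m.group("tag"),
        "facility": FACILITIES.get(facility, str(facility)),
        "severity": SEVERITIES[severity],
    }
    for key, value in KV_RE.findall(m.group("msg")):
        event[key] = value.strip('"')
    return event


def parse_all(lines):
    """Split input into (parsed events, lines that did not match) so nothing is silently dropped."""
    events, rejected = [], []
    for line in lines:
        event = parse_syslog_line(line)
        (events if event else rejected).append(event if event else line)
    return events, rejected


def spool_path(event, base="/var/log/remote"):
    """Per-host, per-program file layout, mirroring what a dynamic file template in
    rsyslog/syslog-ng would produce; <base> is a hypothetical directory for this example."""
    return f"{base}/{event['host']}/{event['tag']}.log"


def deny_counts_by_src(events):
    """Example of a question the extracted fields make answerable: denied connections per source."""
    return Counter(e["src"] for e in events if e.get("action") == "deny")


if __name__ == "__main__":
    events, rejected = parse_all(SAMPLE_LINES)
    for e in events:
        print(spool_path(e), e["severity"], e.get("action"), e.get("src"), "->", e.get("dst"), e.get("dport"))
    print("rejected:", rejected)
    print("denies by src:", dict(deny_counts_by_src(events)))
```

Once the receiver writes files under a path like `/var/log/remote/<host>/<program>.log`, the Splunk side is a `[monitor://...]` stanza in `inputs.conf` (with `host_segment` pointing at the host directory level) and a sourcetype in `props.conf`; for a body that is plain `key=value` pairs, `KV_MODE = auto` extracts the same fields this script does without any custom regex, and a custom TA is only needed where the vendor format is positional or otherwise irregular.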