I got it working. Splunk is now sending all Syslog events to my third party SIEM Receiver.
I am using Splunk free standalone on Win2K8 R2
In the /etc/system/local folder, edit the following .conf files (if they do not already exist, simply create them):

props.conf
# Attach the routing transform to every event arriving on the UDP 514 syslog input
[source::udp:514]
TRANSFORMS-fwd2syslogout = syslogout

transforms.conf
# Match every event (REGEX = . matches anything) and route it to the
# outputs.conf syslog group named in FORMAT
[syslogout]
REGEX = .
DEST_KEY = _SYSLOG_ROUTING
FORMAT = udpserver

outputs.conf
# Syslog output group "udpserver"; server is host[:port], UDP 514 by default.
# Comments in Splunk .conf files must be on their own line starting with #,
# so the destination note goes here rather than after the value.
[syslog:udpserver]
server = 1.1.1.1:514
Good luck all.
I have figured out how to get Splunk to forward out syslog (in my case to McAfee SIEM Event Receiver).
I am using a free Splunk stand-alone implementation on a Windows 2008 R2 system in my lab.
My .conf files have been placed in \Splunk\etc\system\local - if they are not there already, make them.
outputs.conf
# Syslog output group "udpserver"; server is host[:port], UDP 514 by default.
# The destination note is a # comment line because Splunk does not strip
# trailing text after a value.
[syslog:udpserver]
server = 10.10.10.10:514

transforms.conf
# REGEX = . matches every event; DEST_KEY = _SYSLOG_ROUTING hands it to the
# syslog output group named in FORMAT
[syslogout]
REGEX = .
DEST_KEY = _SYSLOG_ROUTING
FORMAT = udpserver

props.conf
# Apply the transform to events from the UDP 514 syslog input
[source::udp:514]
TRANSFORMS-fwd2syslogout = syslogout
Hope this helps.
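Both posts above wire the same three-file chain (props.conf -> transforms.conf -> outputs.conf), and the most common reason it silently does nothing is a broken link in that chain: a FORMAT that does not match the [syslog:...] stanza name, a wrong DEST_KEY, or a trailing note left inside the server value. The following script is an added example, not code from either post or from Splunk; it parses the three files as plain .conf text and walks the chain, reporting every inconsistency. The sample conf contents are constructed inline to mirror the posts, including the "as posted" outputs.conf with its parenthetical note, and the host[:port] pattern and the udp/tcp check are the example's own assumptions about what a usable server value looks like.

```python
"""Sanity-check a Splunk syslog routing chain: props -> transforms -> outputs.

Added example (not from the original posts). Splunk .conf files are INI-like,
so Python's configparser is enough to read them for this check.
"""
import configparser
import re

# Assumed shape of a usable outputs.conf 'server' value: host or IP, optional :port
HOSTPORT = re.compile(r"^[A-Za-z0-9][A-Za-z0-9.\-]*(?::\d{1,5})?$")


def parse_conf(text: str) -> configparser.ConfigParser:
    """Parse Splunk .conf text. Keys such as DEST_KEY are case-sensitive,
    so the default lowercasing is switched off."""
    cp = configparser.ConfigParser(interpolation=None)
    cp.optionxform = str
    cp.read_string(text)
    return cp


def check_syslog_chain(props_text, transforms_text, outputs_text,
                       source_stanza="source::udp:514"):
    """Follow the routing chain and return a list of problems (empty == wired)."""
    problems = []
    props = parse_conf(props_text)
    transforms = parse_conf(transforms_text)
    outputs = parse_conf(outputs_text)

    if not props.has_section(source_stanza):
        return [f"props.conf: missing [{source_stanza}] stanza"]

    # TRANSFORMS-<anything> = a, b, c   names transforms.conf stanzas, in order
    transform_names = []
    for key, value in props.items(source_stanza):
        if key.startswith("TRANSFORMS-"):
            transform_names += [n.strip() for n in value.split(",") if n.strip()]
    if not transform_names:
        return [f"props.conf [{source_stanza}]: no TRANSFORMS-* key, nothing is routed"]

    for name in transform_names:
        if not transforms.has_section(name):
            problems.append(f"transforms.conf: [{name}] referenced by props.conf but not defined")
            continue
        stanza = transforms[name]
        if stanza.get("DEST_KEY") != "_SYSLOG_ROUTING":
            problems.append(f"transforms.conf [{name}]: DEST_KEY must be _SYSLOG_ROUTING "
                            f"(got {stanza.get('DEST_KEY')!r})")
        regex = stanza.get("REGEX")
        if regex is None:
            problems.append(f"transforms.conf [{name}]: REGEX is required")
        else:
            try:  # rough check only: Splunk uses PCRE, Python's re is close enough here
                re.compile(regex)
            except re.error as exc:
                problems.append(f"transforms.conf [{name}]: REGEX does not compile: {exc}")
        fmt = stanza.get("FORMAT")
        if not fmt:
            problems.append(f"transforms.conf [{name}]: FORMAT must name an outputs.conf syslog group")
            continue
        group = f"syslog:{fmt}"
        if not outputs.has_section(group):
            problems.append(f"outputs.conf: FORMAT={fmt} but no [{group}] stanza")
            continue
        server = outputs[group].get("server", "")
        if not HOSTPORT.match(server):
            problems.append(f"outputs.conf [{group}]: server must be host[:port], got {server!r}")
        proto = outputs[group].get("type", "udp")
        if proto not in ("udp", "tcp"):
            problems.append(f"outputs.conf [{group}]: type must be udp or tcp, got {proto!r}")
    return problems


# --- constructed sample inputs mirroring the posts' files ---
PROPS = """
[source::udp:514]
TRANSFORMS-fwd2syslogout = syslogout
"""

TRANSFORMS = """
[syslogout]
REGEX = .
DEST_KEY = _SYSLOG_ROUTING
FORMAT = udpserver
"""

# As posted: the parenthetical note is not a comment in .conf syntax
# (comments start a line with #), so it becomes part of the server value.
OUTPUTS_AS_POSTED = """
[syslog:udpserver]
server = 10.10.10.10 (IP of system you want to forward logs to)
"""

# Fixed: note moved to its own # line, explicit port and protocol.
OUTPUTS_FIXED = """
[syslog:udpserver]
# IP of the system you want to forward logs to
server = 10.10.10.10:514
type = udp
"""

if __name__ == "__main__":
    for label, out in (("as posted", OUTPUTS_AS_POSTED), ("fixed", OUTPUTS_FIXED)):
        print(label, "->", check_syslog_chain(PROPS, TRANSFORMS, out) or "ok")
```

Run it against copies of your own three files (read them with `open().read()` in place of the constructed strings) before restarting Splunk; an empty list means the chain is wired end to end. Note that `REGEX = .` in transforms.conf really does send every event on that input, so anything sensitive arriving on UDP 514 is mirrored unencrypted to the receiver; narrow the REGEX or the props stanza if that is not what you want.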