We currently use Cisco IronPorts and are sending the Message Transaction Logs via syslog to Splunk. I couldn't find the exact app for the IronPort, but I tried installing Cisco ESA as it had references for email. Does Splunk have rules already built-in to extract fields from Message Transaction Logs? I have also tried creating field-extractions, but they do not appear to be working 100% of the time. I am open to any suggestions.