Activity Feed
- Karma Re: returning _time from subsearch to main search for sowings. 06-05-2020 12:46 AM
- Karma Re: How to delete duplicate events? for drippler. 06-05-2020 12:46 AM
- Posted Re: How to delete duplicate events? on Splunk Search. 07-10-2015 08:41 AM
- Posted map serial to a name on All Apps and Add-ons. 07-15-2011 08:49 AM
- Tagged map serial to a name on All Apps and Add-ons. 07-15-2011 08:49 AM
- Posted Re: palo alto app on All Apps and Add-ons. 06-07-2011 11:02 AM
- Posted Re: palo alto app on All Apps and Add-ons. 06-07-2011 11:01 AM
- Posted Re: palo alto app on All Apps and Add-ons. 06-07-2011 07:07 AM
- Posted Re: report on ssh login attempts from the foreign source ip address on Reporting. 05-25-2011 07:36 AM
- Posted Re: report on ssh login attempts from the foreign source ip address on Reporting. 05-25-2011 07:31 AM
- Posted report on ssh login attempts from the foreign source ip address on Reporting. 05-25-2011 06:27 AM
- Tagged report on ssh login attempts from the foreign source ip address on Reporting. 05-25-2011 06:27 AM
- Tagged report on ssh login attempts from the foreign source ip address on Reporting. 05-25-2011 06:27 AM
- Posted palo alto app on All Apps and Add-ons. 05-04-2011 12:18 PM
- Tagged palo alto app on All Apps and Add-ons. 05-04-2011 12:18 PM
07-15-2011 08:49 AM
I see some reference to host lookup with a DNS-like function, but can I also automatically map the PA device serial number to a more friendly name?
06-07-2011 07:07 AM
I just updated the sourcetype, and here is that inputs.conf:

```ini
[udp://2514]
# record the sending device's IP as the host field instead of a reverse-DNS name
connection_host = ip
# sourcetype assigned to everything arriving on this UDP port
sourcetype = ns_log
# do not prepend a receive timestamp to each datagram
no_appending_timestamp = true
```
I restarted Splunk an hour ago and there is still no data in any Palo Alto dashboard.
Maybe the Src: field is not being extracted as expected.
It seems to track the device IP address as the host, instead of Src:x.x.x.x. When I go to report, I see the firewall appliance and the count of SSH logins, without tracking how many times the foreign address attempted.
I have several firewall appliances logging into one syslog file and would like to report on the number of SSH login attempts by the external source IP. The fields are a little different from the typical syslog format. The appliances do not have the same rule base, so I can't key on the rule number.

```text
May 25 07:20:53 10.1.2.3 2011: May 25 15:37:39 fw_appl <50000> Dropped Inbound packet (Policy rule) Src:85.1.2.3 SPort:2624 Dst:62.1.2.3 DPort:22 IPP:6 Rule:21 Interface:WAN (Internet)
May 25 07:20:54 10.1.2.3 2011: May 25 15:37:40 fw_appl <50000> Dropped Inbound packet (Policy rule) Src:85.1.2.3 SPort:2639 Dst:62.1.2.3 DPort:22 IPP:6 Rule:21 Interface:WAN (Internet)
```
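One way to do the extraction the question above asks for, as an added example that is not part of the original thread or of any Splunk app: a Python parser for the appliance line format quoted in the post that pulls out the Src: and DPort: fields and counts dropped inbound attempts per external source IP across all appliances, without keying on the rule number. The two lines from the post are reused verbatim; the remaining sample lines are constructed for the example, and the regex group names are mine. The equivalent Splunk rex/stats pipeline is given in a comment for comparison.

```python
import re
from collections import Counter

# Layout of the appliance lines quoted in the post: a syslog header
# (receive time + relay IP), the appliance's own year and timestamp, the
# appliance name, an event id in angle brackets, a free-text message and
# then key:value pairs. Src:/DPort: etc. are the page's field names; the
# named groups below are assumptions made for this example.
LINE_RE = re.compile(
    r"^(?P<recv_ts>[A-Z][a-z]{2} +\d{1,2} \d\d:\d\d:\d\d) "
    r"(?P<relay_ip>\S+) "
    r"(?P<year>\d{4}): "
    r"(?P<dev_ts>[A-Z][a-z]{2} +\d{1,2} \d\d:\d\d:\d\d) "
    r"(?P<device>\S+) "
    r"<(?P<event_id>\d+)> "
    r"(?P<message>.*?) "
    r"Src:(?P<src>\S+) SPort:(?P<sport>\d+) "
    r"Dst:(?P<dst>\S+) DPort:(?P<dport>\d+) "
    r"IPP:(?P<ipp>\d+) Rule:(?P<rule>\d+) "
    r"Interface:(?P<iface>.*)$"
)

# The same extraction as a Splunk search, for comparison:
#   ... | rex "Src:(?P<src_ip>\S+).*?DPort:(?P<dport>\d+)"
#       | search dport=22 | stats count BY src_ip


def parse_line(line):
    """Return the extracted fields as a dict, or None if the line is not
    in the appliance format (e.g. an unrelated syslog line)."""
    m = LINE_RE.match(line.rstrip("\n"))
    if not m:
        return None
    fields = m.groupdict()
    for key in ("event_id", "sport", "dport", "ipp", "rule"):
        fields[key] = int(fields[key])
    return fields


def ssh_attempts_by_source(lines, port=22):
    """Count dropped inbound packets to `port` per external Src IP, pooled
    across every appliance regardless of which rule number dropped them."""
    counts = Counter()
    for line in lines:
        ev = parse_line(line)
        if ev is None:
            continue  # not an appliance line; skip
        if ev["dport"] != port or not ev["message"].startswith("Dropped Inbound"):
            continue  # other ports or other event types
        counts[ev["src"]] += 1
    return dict(counts)


SAMPLE_LINES = [
    # the two lines quoted in the post
    "May 25 07:20:53 10.1.2.3 2011: May 25 15:37:39 fw_appl <50000> Dropped Inbound packet (Policy rule) Src:85.1.2.3 SPort:2624 Dst:62.1.2.3 DPort:22 IPP:6 Rule:21 Interface:WAN (Internet)",
    "May 25 07:20:54 10.1.2.3 2011: May 25 15:37:40 fw_appl <50000> Dropped Inbound packet (Policy rule) Src:85.1.2.3 SPort:2639 Dst:62.1.2.3 DPort:22 IPP:6 Rule:21 Interface:WAN (Internet)",
    # constructed: a second appliance with a different rule base, same scanner
    "May 25 07:21:10 10.1.2.4 2011: May 25 15:37:55 fw_appl2 <50000> Dropped Inbound packet (Policy rule) Src:85.1.2.3 SPort:2700 Dst:62.1.2.4 DPort:22 IPP:6 Rule:7 Interface:WAN (Internet)",
    # constructed: another external source hitting port 22
    "May 25 07:21:12 10.1.2.4 2011: May 25 15:37:57 fw_appl2 <50000> Dropped Inbound packet (Policy rule) Src:203.0.113.9 SPort:50022 Dst:62.1.2.4 DPort:22 IPP:6 Rule:7 Interface:WAN (Internet)",
    # constructed: not SSH, must be excluded from the report
    "May 25 07:21:13 10.1.2.3 2011: May 25 15:37:58 fw_appl <50000> Dropped Inbound packet (Policy rule) Src:198.51.100.4 SPort:4444 Dst:62.1.2.3 DPort:443 IPP:6 Rule:21 Interface:WAN (Internet)",
    # constructed: an ordinary syslog line in the same file, must not match
    "May 25 07:21:14 10.1.2.3 sshd[1234]: Accepted publickey for admin from 10.0.0.5 port 51000 ssh2",
]


if __name__ == "__main__":
    for src, n in sorted(ssh_attempts_by_source(SAMPLE_LINES).items(),
                         key=lambda kv: -kv[1]):
        print(f"{src:16} {n}")
```

Filtering on `dport` rather than the rule number is what lets the count span appliances with different rule bases; the `host` field that Splunk assigns from the relay IP is deliberately ignored, since the report is about the external source, not the appliance that logged it.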
05-04-2011 12:18 PM
The Palo Alto app is not making use of the regular data files; can you help me configure the data source?